{"id":23260,"name":"jsonpath","ecosystem":"npm","repository_url":"https://github.com/dchester/jsonpath","issues_count":776,"created_at":"2025-06-07T03:12:23.861Z","updated_at":"2025-06-07T03:12:23.861Z","purl":"pkg:npm/jsonpath","metadata":{"id":1911050,"name":"jsonpath","ecosystem":"npm","description":"Query JavaScript objects with JSONPath expressions. Robust / safe JSONPath engine for Node.js.","homepage":"https://github.com/dchester/jsonpath#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/dchester/jsonpath","keywords_array":["JSONPath","jsonpath","json-path","object","traversal","json","path","data structures"],"namespace":null,"versions_count":25,"first_release_published_at":"2015-01-29T06:31:43.337Z","latest_release_published_at":"2021-04-01T15:41:03.734Z","latest_release_number":"1.1.1","last_synced_at":"2025-06-06T08:01:25.279Z","created_at":"2022-04-09T18:14:04.343Z","updated_at":"2025-06-06T08:01:25.280Z","registry_url":"https://www.npmjs.com/package/jsonpath","install_command":"npm install jsonpath","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"1.1.1"}},"repo_metadata":{"id":26321375,"uuid":"29769677","full_name":"dchester/jsonpath","owner":"dchester","description":"Query and manipulate JavaScript objects with JSONPath expressions.  Robust JSONPath engine for Node.js.","archived":false,"fork":false,"pushed_at":"2024-02-29T09:24:09.000Z","size":314,"stargazers_count":1286,"open_issues_count":99,"forks_count":214,"subscribers_count":25,"default_branch":"master","last_synced_at":"2024-05-15T14:54:26.797Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dchester.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-01-24T07:50:24.000Z","updated_at":"2024-06-18T11:06:47.292Z","dependencies_parsed_at":"2024-06-18T11:18:01.700Z","dependency_job_id":null,"html_url":"https://github.com/dchester/jsonpath","commit_stats":{"total_commits":91,"total_committers":13,"mean_commits":7.0,"dds":0.2417582417582418,"last_synced_commit":"c1dd8ec74034fb0375233abb5fdbec51ac317b4b"},"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dchester","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":214764538,"owners_count":15781517,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"dchester","name":"David Chester","uuid":"199934","kind":"user","description":null,"email":"","website":null,"location":"New York, NY","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/199934?v=4","repositories_count":37,"last_synced_at":"2024-04-15T00:17:33.597Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/dchester","funding_links":[],"total_stars":2315,"followers":94,"following":4,"created_at":"2022-11-02T16:35:07.782Z","updated_at":"2024-04-15T00:17:34.483Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dchester","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dchester/repositories"},"tags":[{"name":"1.1.0","sha":"eafa80c5b20038ea348fdfbe8ac4d0467be6e4fd","kind":"commit","published_at":"2021-01-14T20:37:13.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/1.1.0","html_url":"https://github.com/dchester/jsonpath/releases/tag/1.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/1.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/1.1.0/manifests"},{"name":"1.0.2","sha":"778bc1ea297309e5925910698bb8ead9369d2e55","kind":"commit","published_at":"2019-06-03T04:08:19.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/1.0.2","html_url":"https://github.com/dchester/jsonpath/releases/tag/1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/1.0.2/manifests"},{"name":"1.0.0","sha":"9713c6f94198df510d9ebb6b2a73fce3762e6601","kind":"commit","published_at":"2017-10-21T18:15:06.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/1.0.0","html_url":"https://github.com/dchester/jsonpath/releases/tag/1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/1.0.0/manifests"},{"name":"0.2.11","sha":"4e4087c78e5d0e32a769f1270af16198bc77f2d3","kind":"commit","published_at":"2017-02-15T18:41:53.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.11","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.11","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.11","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.11/manifests"},{"name":"0.2.10","sha":"c2d7030248b505e45914780ca2779bbe66765698","kind":"commit","published_at":"2017-02-10T21:58:32.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.10","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.10","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.10","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.10/manifests"},{"name":"0.2.9","sha":"ed27ad3e79efe507bbbea10f9272a29c6673412b","kind":"commit","published_at":"2016-11-23T02:19:07.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.9","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.9","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.9","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.9/manifests"},{"name":"0.2.8","sha":"d10c6c48a9eb4fb9b0b75d785286d104e876ea75","kind":"commit","published_at":"2016-11-16T21:40:56.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.8","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.8/manifests"},{"name":"0.2.7","sha":"5b16cbfb471b2038911803419c0a7df1ba79f651","kind":"commit","published_at":"2016-08-29T16:26:40.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.7","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.7/manifests"},{"name":"0.2.6","sha":"9f27a03825db27c11006317ee013921e16cbc57c","kind":"commit","published_at":"2016-07-01T21:40:15.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.6","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.6/manifests"},{"name":"0.2.5","sha":"51eae99646a55f20602a2d8c23dd48df9e98e79b","kind":"commit","published_at":"2016-06-17T16:26:45.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.5","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.5/manifests"},{"name":"0.2.4","sha":"a06ff8a49290f77489cede70d626945d5526201a","kind":"commit","published_at":"2016-06-04T21:08:10.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.4","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.4/manifests"},{"name":"0.2.3","sha":"381953d3a5aa351d1f6dc9a2811f69e49bcb509d","kind":"commit","published_at":"2016-05-14T19:16:21.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.3","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.3/manifests"},{"name":"0.2.2","sha":"f615b9d468d5b24d60f4c0dd1388249c129cfd6a","kind":"commit","published_at":"2015-11-27T19:42:49.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.2","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.2/manifests"},{"name":"0.2.1","sha":"d5722d28fe5237f8a347a604823dd801ef4046e4","kind":"commit","published_at":"2015-11-20T14:16:37.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.1","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.1/manifests"},{"name":"0.2.0","sha":"fa92d06016d75f3ecedc85229ecb41880db09933","kind":"commit","published_at":"2015-09-06T16:49:06.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.2.0","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.2.0/manifests"},{"name":"0.1.8","sha":"f72e5ad80bf0b57fab7773c43f28d721645c2a3e","kind":"commit","published_at":"2015-06-22T02:16:30.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.8","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.8","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.8","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.8/manifests"},{"name":"0.1.7","sha":"9fc29891dd90143f3618f691f0321f6c8a7478e7","kind":"commit","published_at":"2015-06-08T11:41:27.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.7","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.7","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.7","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.7/manifests"},{"name":"0.1.6","sha":"b56b291d8394b9b7f605ebe146b9d2f56c4fda4d","kind":"commit","published_at":"2015-06-08T05:36:11.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.6","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.6","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.6","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.6/manifests"},{"name":"0.1.5","sha":"855ddc0a1a8138e8361492eb620fca6fe21d6300","kind":"commit","published_at":"2015-06-07T19:07:18.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.5","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.5","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.5","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.5/manifests"},{"name":"0.1.4","sha":"db582298a2f7a3741a55eb291af37b4950243692","kind":"commit","published_at":"2015-05-27T03:35:57.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.4","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.4","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.4/manifests"},{"name":"0.1.3","sha":"30a839213dffe3bcc8eefddd74e18de2a2e21a67","kind":"commit","published_at":"2015-01-30T22:02:02.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.3","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.3/manifests"},{"name":"0.1.2","sha":"9d294e7efa3c5b546b2ce1fac7449b87967a6211","kind":"commit","published_at":"2015-01-29T06:06:11.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.2","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.2/manifests"},{"name":"0.1.1","sha":"167826a81fc1f859a9a316a865eb7d2fa532884e","kind":"commit","published_at":"2015-01-29T05:52:00.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.1","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.1/manifests"},{"name":"0.1.0","sha":"367ad1326f65a66d136ab02df2eafaac2ba60c3a","kind":"commit","published_at":"2015-01-24T19:13:06.000Z","download_url":"https://codeload.github.com/dchester/jsonpath/tar.gz/0.1.0","html_url":"https://github.com/dchester/jsonpath/releases/tag/0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchester%2Fjsonpath/tags/0.1.0/manifests"}]},"repo_metadata_updated_at":"2024-09-08T05:50:40.315Z","dependent_packages_count":1059,"downloads":13549500,"downloads_period":"last-month","dependent_repos_count":18744,"rankings":{"downloads":0.1583129992019668,"dependent_repos_count":0.20860939808472492,"dependent_packages_count":0.0700375507032207,"stargazers_count":2.3203776995375343,"forks_count":2.3682102862872694,"docker_downloads_count":0.0817294092484459,"average":0.8678795571771937},"purl":"pkg:npm/jsonpath","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/jsonpath","docker_dependents_count":503,"docker_downloads_count":610589358,"usage_url":"https://repos.ecosyste.ms/usage/npm/jsonpath","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/jsonpath/dependencies","status":null,"funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jsonpath/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jsonpath/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jsonpath/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/jsonpath/related_packages","maintainers":[{"uuid":"dchester","login":"dchester","name":null,"email":"dchester@shutterstock.com","url":null,"packages_count":11,"html_url":"https://www.npmjs.com/~dchester","role":null,"created_at":"2022-11-12T23:13:11.715Z","updated_at":"2022-11-12T23:13:11.715Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/dchester/packages"}],"registry":{"name":"npmjs.org","url":"https://registry.npmjs.org","ecosystem":"npm","default":true,"packages_count":5008192,"maintainers_count":1013077,"namespaces_count":295677,"keywords_count":700469,"github":"npm","metadata":{"funded_packages_count":150263},"icon_url":"https://github.com/npm.png","created_at":"2022-04-04T15:19:23.081Z","updated_at":"2025-06-07T05:25:21.688Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/namespaces"}},"unique_repositories_count":694,"unique_repositories_count_past_30_days":13,"recent_issues":[{"uuid":"4559388419","node_id":"PR_kwDOOQ8rRs7hLKGw","number":26,"state":"open","title":"Bump jsonpath from 1.1.1 to 1.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T23:39:45.000Z","updated_at":"2026-05-31T23:42:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"}],"path":null,"ecosystem":"npm"},"body":"Bumps [jsonpath](https://github.com/dchester/jsonpath) from 1.1.1 to 1.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jsonpath\u0026package-manager=npm_and_yarn\u0026previous-version=1.1.1\u0026new-version=1.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dlep17/fsl-index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dlep17/fsl-index/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlep17%2Ffsl-index/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"},{"uuid":"4536885356","node_id":"PR_kwDONp4dDM7gDViV","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T01:11:03.000Z","updated_at":"2026-05-28T01:11:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"axios","old_version":"1.7.9","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"postcss","old_version":"8.5.0","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/helpers","old_version":"7.26.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.9","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"form-data","old_version":"3.0.2","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.5","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.2","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"http-proxy-middleware","old_version":"2.0.7","new_version":"2.0.9","repository_url":"https://github.com/chimurai/http-proxy-middleware"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.0","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"react-router","old_version":"7.1.1","new_version":"7.15.1","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.97.1","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.9` | `1.15.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.0` | `8.5.10` |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.0` | `7.29.7` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.2` | `3.0.4` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.5` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.7` | `2.0.9` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.9.0` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.1.1` | `7.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.2` |\n\n\nUpdates `axios` from 1.7.9 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.9...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.0 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.49\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax without \u003ccode\u003esource.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.0...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/helpers` from 7.26.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/1c0a08d95ae7e1c788c7e1ae3a10ee53f7c86864\"\u003e\u003ccode\u003e1c0a08d\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17805\"\u003e#17805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23\"\u003e\u003ccode\u003ec1b55f6\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eeslint.config.mts\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573\"\u003e#17573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c\"\u003e\u003ccode\u003e18d88b8\u003c/code\u003e\u003c/a\u003e Improve \u003ccode\u003e@​babel/core\u003c/code\u003e typings (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471\"\u003e#17471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a\"\u003e\u003ccode\u003e741cbd2\u003c/code\u003e\u003c/a\u003e chore: fix various typos across codebase (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476\"\u003e#17476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-helpers\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/helpers\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.2 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.5 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.5...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/sam1am/auth-boilerplate/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sam1am%2Fauth-boilerplate/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4507370312","node_id":"PR_kwDOL03oAc7elLdW","number":2,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T07:45:38.000Z","updated_at":"2026-05-23T07:46:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"qs","old_version":"6.14.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"axios","old_version":"1.12.0","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"multer","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.24.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.3","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.4.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"react-router","old_version":"6.23.0","new_version":"6.30.3","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.103.0","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [uuid](https://github.com/uuidjs/uuid), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 19 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n| [axios](https://github.com/axios/axios) | `1.12.0` | `1.15.2` |\n| [multer](https://github.com/expressjs/multer) | `2.0.2` | `2.1.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.24.1` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.3` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.2` | `2.9.0` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `6.23.0` | `6.30.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.103.0` | `5.107.1` |\n\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.12.0 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.12.0...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/...\n\n_Description has been truncated_","html_url":"https://github.com/rorymclaughlin432/admin-dashboard-charts/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rorymclaughlin432%2Fadmin-dashboard-charts/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4505962056","node_id":"PR_kwDOMokASM7eg0_2","number":32,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T00:13:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T22:43:48.000Z","updated_at":"2026-05-23T00:13:37.000Z","time_to_close":5387,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"immutable","old_version":"5.1.3","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.101.3","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the /maubot/management/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.4` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.3` | `5.1.5` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.101.3` | `5.107.1` |\n\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 5.1.3 to 5.1.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.1.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003cli\u003eUpgrade devtools and use immutable version by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2158\"\u003eimmutable-js/immutable-js#2158\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/b37b85568632227751ddc8a16034cacc0f42b652\"\u003e\u003ccode\u003eb37b855\u003c/code\u003e\u003c/a\u003e 5.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/16b3313fdf2c5f579f10799e22869f6909abf945\"\u003e\u003ccode\u003e16b3313\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/fd2ef4977ee654c5bf26368dbf2f983c8d679bd6\"\u003e\u003ccode\u003efd2ef49\u003c/code\u003e\u003c/a\u003e fix new proto key injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6734b7b2af7e9dadf517eb9473cc64d2dfe2e301\"\u003e\u003ccode\u003e6734b7b\u003c/code\u003e\u003c/a\u003e fix Prototype Pollution in mergeDeep, toJS, etc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6f772de1e44dcde14128e48d19081a7a077f2162\"\u003e\u003ccode\u003e6f772de\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2175\"\u003e#2175\u003c/a\u003e from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/5f3dc61fd0e231654f04a850b8764e7e864c54b3\"\u003e\u003ccode\u003e5f3dc61\u003c/code\u003e\u003c/a\u003e Bump rollup from 4.34.8 to 4.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/049a594410962c13dfd0f2d0bf0ef2154271079e\"\u003e\u003ccode\u003e049a594\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2173\"\u003e#2173\u003c/a\u003e from immutable-js/dependabot/npm_and_yarn/lodash-4.1...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/2481a77331122eea4ace8afd4842042c6ae7510c\"\u003e\u003ccode\u003e2481a77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2172\"\u003e#2172\u003c/a\u003e from mrazauskas/update-tstyche\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/eb047790b44dac8e5ace49529a5c9928edfc8e12\"\u003e\u003ccode\u003eeb04779\u003c/code\u003e\u003c/a\u003e Bump lodash from 4.17.21 to 4.17.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/b973bf3b6242c9966143169825e1e14248c07c31\"\u003e\u003ccode\u003eb973bf3\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for immutable since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 2.79.2 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.12.1 to 1.13.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/bd2d35c87620a7da36250a006c97fdae89f4902d\"\u003e\u003ccode\u003ebd2d35c\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2e7c0f2841f5d2d0172ee42a762193898a663e30\"\u003e\u003ccode\u003e2e7c0f2\u003c/code\u003e\u003c/a\u003e Update generated files, tag 1.13.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/732cafe9f580b6ee8fcb2102fe1babb65b29b810\"\u003e\u003ccode\u003e732cafe\u003c/code\u003e\u003c/a\u003e Underscore 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/e8f86fb4c670ff00abade85064c4a9cf4456fbbd\"\u003e\u003ccode\u003ee8f86fb\u003c/code\u003e\u003c/a\u003e Add changelog entry for versioin 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/43e827a166f3bdff061e0372dec73f42e6a225e1\"\u003e\u003ccode\u003e43e827a\u003c/code\u003e\u003c/a\u003e Bump the version to 1.13.6 (hotfix)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1c1d1a278a8c617c3be052cafcb1717910e0e64a\"\u003e\u003ccode\u003e1c1d1a2\u003c/code\u003e\u003c/a\u003e Remove patch-package postinstall script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4eb6894351edf20d589d2c2df7f20befeaf4a3e8\"\u003e\u003ccode\u003e4eb6894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/2974\"\u003e#2974\u003c/a\u003e from paulsmithkc/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2edcdc18b64db878b887a6047300e724995481e4\"\u003e\u003ccode\u003e2edcdc1\u003c/code\u003e\u003c/a\u003e Hostfix for broken builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/66ee70d746399b3446a700492bc62f4117d4a21b\"\u003e\u003ccode\u003e66ee70d\u003c/code\u003e\u003c/a\u003e Verify that production and doc builds still work in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/68e5eb68635548846b4663479b9d0fc78d090b0a\"\u003e\u003ccode\u003e68e5eb6\u003c/code\u003e\u003c/a\u003e Update generated sources, tag 1.13.5 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.101.3 to 5.107.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object the moment \u003ccode\u003eNAME\u003c/code\u003e is read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (\u003ccode\u003econst { x } = require(...)\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21003\"\u003e#21003\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eRangeError: Maximum call stack size exceeded\u003c/code\u003e thrown from \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e on long linear chains of side-effect-free imports. \u003ccode\u003eNormalModule.getSideEffectsConnectionState\u003c/code\u003e previously descended through \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e recursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20993\"\u003e#20993\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNormalModuleFactory\u003c/code\u003e parser/generator types: (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20999\"\u003e#20999\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emodule.generator.html\u003c/code\u003e now uses \u003ccode\u003eHtmlGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e (the \u003ccode\u003eextract\u003c/code\u003e option was hidden from the \u003ccode\u003ecreateGenerator\u003c/code\u003e / \u003ccode\u003egenerator\u003c/code\u003e hook types).\u003c/li\u003e\n\u003cli\u003eWebAssembly (\u003ccode\u003ewebassembly/async\u003c/code\u003e, \u003ccode\u003ewebassembly/sync\u003c/code\u003e) generator hooks now use \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyParserOptions\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleFactory#getParser\u003c/code\u003e / \u003ccode\u003ecreateParser\u003c/code\u003e / \u003ccode\u003egetGenerator\u003c/code\u003e / \u003ccode\u003ecreateGenerator\u003c/code\u003e are now generic over the module-type string, returning the specific parser/generator class for known types (e.g. \u003ccode\u003eJavascriptParser\u003c/code\u003e for \u003ccode\u003e\u0026quot;javascript/auto\u0026quot;\u003c/code\u003e, \u003ccode\u003eCssGenerator\u003c/code\u003e for \u003ccode\u003e\u0026quot;css\u0026quot;\u003c/code\u003e, etc.) instead of always returning the base \u003ccode\u003eParser\u003c/code\u003e / \u003ccode\u003eGenerator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleCreateData\u003c/code\u003e is now generic over the module type so \u003ccode\u003eparser\u003c/code\u003e, \u003ccode\u003eparserOptions\u003c/code\u003e, \u003ccode\u003egenerator\u003c/code\u003e, and \u003ccode\u003egeneratorOptions\u003c/code\u003e are narrowed to the specific class / options for the given \u003ccode\u003etype\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLink import bindings used inside \u003ccode\u003edefine(...)\u003c/code\u003e callbacks in ES modules. Previously, \u003ccode\u003eHarmonyDetectionParserPlugin\u003c/code\u003e skipped walking the arguments of \u003ccode\u003edefine\u003c/code\u003e calls in harmony modules, so references to imported bindings inside an inline AMD \u003ccode\u003edefine\u003c/code\u003e factory (e.g. \u003ccode\u003edefine(function () { console.log(foo); })\u003c/code\u003e) were not rewritten to their imported references and could cause \u003ccode\u003eReferenceError\u003c/code\u003e at runtime. Inner graph usage analysis is also fixed for the related pattern \u003ccode\u003econst fn = function () { foo; }; define(fn);\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20990\"\u003e#20990\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML-entry pipeline (\u003ccode\u003eexperiments.html\u003c/code\u003e + \u003ccode\u003eexperiments.css\u003c/code\u003e): emit \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e tags for CSS chunks reachable from a \u003ccode\u003e\u0026lt;script src\u0026gt;\u003c/code\u003e entry. Previously when the bundled JS imported CSS, the resulting \u003ccode\u003e.css\u003c/code\u003e file was emitted to disk but never referenced from the extracted HTML (no \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tag), and when \u003ccode\u003esplitChunks\u003c/code\u003e extracted CSS into sibling chunks the HTML cloned the originating \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e for each one — producing \u003ccode\u003e\u0026lt;script src=\u0026quot;style.js\u0026quot;\u0026gt;\u003c/code\u003e pointing at non-existent JS filenames instead of \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot; href=\u0026quot;style.css\u0026quot;\u0026gt;\u003c/code\u003e. CSS chunks are now sorted by the entrypoint's module post-order index so the \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tags also appear in source import order, fixing the cascade ordering issue documented in \u003ccode\u003ehtml-webpack-plugin#1838\u003c/code\u003e and \u003ccode\u003ewebpack/mini-css-extract-plugin#959\u003c/code\u003e for HTML-entry builds. \u003ccode\u003enonce\u003c/code\u003e/\u003ccode\u003ecrossorigin\u003c/code\u003e/\u003ccode\u003ereferrerpolicy\u003c/code\u003e are copied from the originating tag onto the emitted \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21002\"\u003e#21002\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003edevtool\u003c/code\u003e and \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e (or multiple \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e instances) to coexist on the same asset. Previously the second instance would silently skip any asset whose \u003ccode\u003einfo.related.sourceMap\u003c/code\u003e had already been set by an earlier instance, and even when it ran the asset had been rewrapped as a \u003ccode\u003eRawSource\u003c/code\u003e so no source map could be recovered — producing an empty \u003ccode\u003e.map\u003c/code\u003e file. The plugin now keeps a per-compilation stash of pristine source maps, namespaces its persistent cache entries by the options that affect output, and appends additional \u003ccode\u003erelated.sourceMap\u003c/code\u003e entries instead of overwriting them. The classic workaround of pairing \u003ccode\u003edevtool: 'hidden-source-map'\u003c/code\u003e with a \u003ccode\u003enew webpack.SourceMapDevToolPlugin({ filename: '[file].secondary.map', noSources: true })\u003c/code\u003e now produces both maps in a single build. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21001\"\u003e#21001\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNarrow \u003ccode\u003eTemplatePathFn\u003c/code\u003e callback types by context. \u003ccode\u003epathData.chunk\u003c/code\u003e is now non-optional for chunk filename callbacks (\u003ccode\u003eoutput.filename\u003c/code\u003e, \u003ccode\u003echunkFilename\u003c/code\u003e, \u003ccode\u003ecssFilename\u003c/code\u003e, \u003ccode\u003ecssChunkFilename\u003c/code\u003e, \u003ccode\u003ehtmlFilename\u003c/code\u003e, \u003ccode\u003ehtmlChunkFilename\u003c/code\u003e, \u003ccode\u003eoptimization.splitChunks.cacheGroups[*].filename\u003c/code\u003e), and \u003ccode\u003epathData.module\u003c/code\u003e is non-optional for module filename callbacks (\u003ccode\u003eoutput.assetModuleFilename\u003c/code\u003e, per-module \u003ccode\u003egenerator.filename\u003c/code\u003e / \u003ccode\u003egenerator.outputPath\u003c/code\u003e, \u003ccode\u003emodule.parser.css.localIdentName\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20987\"\u003e#20987\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTighten the \u003ccode\u003eCreateData\u003c/code\u003e typedef in \u003ccode\u003eNormalModuleFactory\u003c/code\u003e. \u003ccode\u003eCreateData\u003c/code\u003e now represents the fully-populated value passed to the \u003ccode\u003ecreateModule\u003c/code\u003e, \u003ccode\u003emodule\u003c/code\u003e, and \u003ccode\u003ecreateModuleClass\u003c/code\u003e hooks (\u003ccode\u003eNormalModuleCreateData \u0026amp; { settings: ModuleSettings }\u003c/code\u003e), while \u003ccode\u003eResolveData.createData\u003c/code\u003e is typed as \u003ccode\u003ePartial\u0026lt;CreateData\u0026gt;\u003c/code\u003e to reflect the empty initial state. Plugins tapping those hooks no longer need to cast individual fields away from optional. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20992\"\u003e#20992\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStop \u003ccode\u003ewebpackPrefetch\u003c/code\u003e / \u003ccode\u003ewebpackPreload\u003c/code\u003e magic comments from leaking across \u003ccode\u003eimport()\u003c/code\u003e call sites that share a \u003ccode\u003ewebpackChunkName\u003c/code\u003e. When two imports targeted the same named chunk and only one of them set \u003ccode\u003ewebpackPrefetch: true\u003c/code\u003e, the prefetch directive was applied from every parent chunk that referenced the named chunk. Prefetch and preload orders are now resolved per \u003ccode\u003eimport()\u003c/code\u003e call site instead of from the shared chunk group's accumulated options. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20994\"\u003e#20994\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e[fullhash:N]\u003c/code\u003e and \u003ccode\u003e[hash:N]\u003c/code\u003e (with length suffix) in \u003ccode\u003eoutput.publicPath\u003c/code\u003e not being interpolated at runtime. The detection regex in \u003ccode\u003eRuntimePlugin\u003c/code\u003e only matched \u003ccode\u003e[fullhash]\u003c/code\u003e / \u003ccode\u003e[hash]\u003c/code\u003e without a length suffix, so the \u003ccode\u003ePublicPathRuntimeModule\u003c/code\u003e was not flagged as a full-hash module and \u003ccode\u003e__webpack_require__.p\u003c/code\u003e was emitted with the placeholder \u003ccode\u003eXXXX\u003c/code\u003e left in place (e.g. \u003ccode\u003eout/XXXX/\u003c/code\u003e) instead of the real hash truncated to the requested length. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21004\"\u003e#21004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-export \u003ccode\u003eModuleNotFoundError\u003c/code\u003e from \u003ccode\u003ewebpack/lib/ModuleNotFoundError\u003c/code\u003e for backward compatibility with old plugins that import it from that path. This re-export will be removed in webpack 6. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20988\"\u003e#20988\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.107.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003emodule.generator.javascript.anonymousDefaultExportName\u003c/code\u003e option to control whether webpack sets \u003ccode\u003e.name\u003c/code\u003e to \u003ccode\u003e\u0026quot;default\u0026quot;\u003c/code\u003e for anonymous default export functions and classes per ES spec. Defaults to \u003ccode\u003etrue\u003c/code\u003e for applications and \u003ccode\u003efalse\u003c/code\u003e for libraries (when \u003ccode\u003eoutput.library\u003c/code\u003e is set) to avoid unnecessary bundle size overhead. Also extract anonymous default export \u003ccode\u003e.name\u003c/code\u003e fix-up into a shared runtime helper (\u003ccode\u003e__webpack_require__.dn\u003c/code\u003e), replacing repeated inline \u003ccode\u003eObject.defineProperty\u003c/code\u003e / \u003ccode\u003eObject.getOwnPropertyDescriptor\u003c/code\u003e calls with a single short call per module to reduce output size. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20894\"\u003e#20894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport module concatenation (scope hoisting) for CSS modules with \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003ecss-style-sheet\u003c/code\u003e, \u003ccode\u003estyle\u003c/code\u003e, and \u003ccode\u003elink\u003c/code\u003e export types (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20851\"\u003e#20851\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003egenerator.exportsConvention\u003c/code\u003e function form for CSS modules now accepts \u003ccode\u003estring[]\u003c/code\u003e in addition to \u003ccode\u003estring\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20914\"\u003e#20914\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003elinkInsert\u003c/code\u003e hook to \u003ccode\u003eCssLoadingRuntimeModule.getCompilationHooks(compilation)\u003c/code\u003e so plugin developers can control where stylesheet \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e elements are inserted into the document. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20947\"\u003e#20947\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eCssModulesPlugin.getCompilationHooks(compilation).orderModules\u003c/code\u003e hook. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20978\"\u003e#20978\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd a \u003ccode\u003epure\u003c/code\u003e parser option for \u003ccode\u003ecss/module\u003c/code\u003e and \u003ccode\u003ecss/auto\u003c/code\u003e types matching \u003ccode\u003epostcss-modules-local-by-default\u003c/code\u003e's pure mode: every selector must contain at least one local class or id, otherwise webpack emits a build error. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20946\"\u003e#20946\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport CSS Modules \u003ccode\u003e@value\u003c/code\u003e identifiers as \u003ccode\u003e@import\u003c/code\u003e URLs and inside \u003ccode\u003eurl()\u003c/code\u003e functions, e.g. \u003ccode\u003e@value path: \u0026quot;./other.css\u0026quot;; @import path;\u003c/code\u003e and \u003ccode\u003e@value bg: \u0026quot;./image.png\u0026quot;; .a { background: url(bg); }\u003c/code\u003e (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20925\"\u003e#20925\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd experimental TypeScript support via \u003ccode\u003eexperiments.typescript: true\u003c/code\u003e (auto-enabled by \u003ccode\u003eexperiments.futureDefaults\u003c/code\u003e). Uses Node.js's built-in \u003ccode\u003emodule.stripTypeScriptTypes\u003c/code\u003e (Node.js \u0026gt;= 22.6 with the stable \u003ccode\u003emode: \u0026quot;strip\u0026quot;\u003c/code\u003e API, including Node.js 26) to transform \u003ccode\u003e.ts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e, \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003edata:text/typescript\u003c/code\u003e, and \u003ccode\u003edata:application/typescript\u003c/code\u003e modules — no type checking, only erasable TypeScript (types, generics, \u003ccode\u003eimport type\u003c/code\u003e, casts). \u003ccode\u003e.tsx\u003c/code\u003e/JSX and non-erasable syntax (\u003ccode\u003eenum\u003c/code\u003e, \u003ccode\u003enamespace\u003c/code\u003e, parameter-property constructors, decorator metadata) are NOT supported; use a TSX-capable loader (e.g. \u003ccode\u003ets-loader\u003c/code\u003e, \u003ccode\u003eswc-loader\u003c/code\u003e) for those. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20964\"\u003e#20964\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object th...\n\n_Description has been truncated_","html_url":"https://github.com/tcpipuk/maubot/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tcpipuk%2Fmaubot/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"},{"uuid":"4500144155","node_id":"PR_kwDOR-G2Z87eN80m","number":2,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T09:29:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T05:37:25.000Z","updated_at":"2026-05-24T09:29:29.000Z","time_to_close":186723,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"@langchain/community","old_version":"0.2.18","new_version":"1.1.18","repository_url":"https://github.com/langchain-ai/langchainjs-community"},{"name":"next","old_version":"14.2.5","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"postcss","old_version":"8.4.49","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.24.7","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"yaml","old_version":"2.4.5","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"ws","old_version":"8.18.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"minimatch","old_version":"3.1.2","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"webpack","old_version":"5.93.0","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the /recipes/natural_language_processing/chatbot-nodejs/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@langchain/community](https://github.com/langchain-ai/langchainjs-community) | `0.2.18` | `1.1.18` |\n| [next](https://github.com/vercel/next.js) | `14.2.5` | `15.5.18` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.24.7` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.5` | `2.9.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.20.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.93.0` | `5.107.1` |\n\nBumps the npm_and_yarn group with 20 updates in the /recipes/natural_language_processing/rag-nodejs/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@langchain/community](https://github.com/langchain-ai/langchainjs-community) | `0.3.48` | `1.1.18` |\n| [next](https://github.com/vercel/next.js) | `14.2.23` | `15.5.18` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.9.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.20.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.1` |\n| [axios](https://github.com/axios/axios) | `1.7.4` | `1.16.1` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.5` | `3.1.2` |\n| [tar](https://github.com/isaacs/node-tar) | `6.2.1` | `removed` |\n\n\nUpdates `@langchain/community` from 0.2.18 to 1.1.18\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/langchain-ai/langchainjs-community/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​langchain/community\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.5 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.5...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.49...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.24.7 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump version to 8.17.1 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2472\"\u003eajv-validator/ajv#2472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePlus everything in 8.17.0 which failed to release\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cp\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2444\"\u003eajv-validator/ajv#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\nfix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\ndocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\ndocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\nFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\ndocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\nfeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\nfix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\nfixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003eajv-validator/ajv#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b9c0e57027317a8d0a56a7ccee28fc478d847da2\"\u003e\u003ccode\u003eb9c0e57\u003c/code\u003e\u003c/a\u003e 2.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/4d96d7dbca632806263efb0da8d1e9d8a2143cc2\"\u003e\u003ccode\u003e4d96d7d\u003c/code\u003e\u003c/a\u003e switch to fork of matcha that works on node\u0026gt;12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.4.5 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve empty block literals (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd node cache for faster alias resolution (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRe-introduce compatibility with Node.js 14.6 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/614\"\u003e#614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--merge\u003c/code\u003e option to CLI tool (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error for tag resolution error on null value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow empty string as plain scalar representation, for failsafe schema (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: include cli example (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/617\"\u003e#617\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow seq with single-line collection value on same line with map key (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove warning \u0026amp; avoid TypeError on bad YAML 1.1 nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003cp\u003eThe library is now available on JSR as \u003ca href=\"https://jsr.io/@eemeli/yaml\"\u003e@​eemeli/yaml\u003c/a\u003e and on deno.land/x as \u003ca href=\"https://deno.land/x/yaml\"\u003eyaml\u003c/a\u003e. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse .ts extension in all relative imports (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/591\"\u003e#591\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore newline after block seq indicator as space before value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/590\"\u003e#590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire Node.js 14.18 or later (was 14.6) (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/598\"\u003e#598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not strip \u003ccode\u003e:00\u003c/code\u003e seconds from \u003ccode\u003e!!timestamp\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/578\"\u003e#578\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/qraynaud\"\u003e\u003ccode\u003e@​qraynaud\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTighten regexp for JSON \u003ccode\u003e!!bool\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/587\"\u003e#587\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/vra5107\"\u003e\u003ccode\u003e@​vra5107\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefault to literal block scalar if folded would overflow (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/585\"\u003e#585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.4.5...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve empty block literals (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd node cache for faster alias resolution (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRe-introduce compatibility with Node.js 14.6 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/614\"\u003e#614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--merge\u003c/code\u003e option to CLI tool (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error for tag resolution error on null value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow empty string as plain scalar representation, for failsafe schema (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: include cli example (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/617\"\u003e#617\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow seq with single-line collection value on same line with map key (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove warning \u0026amp; avoid TypeError on bad YAML 1.1 nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003cp\u003eThe library is now available on JSR as \u003ca href=\"https://jsr.io/@eemeli/yaml\"\u003e@​eemeli/yaml\u003c/a\u003e and on deno.land/x as \u003ca href=\"https://deno.land/x/yaml\"\u003eyaml\u003c/a\u003e. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse .ts extension in all relative imports (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/591\"\u003e#591\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore newline after block seq indicator as space before value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/590\"\u003e#590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire Node.js 14.18 or later (was 14.6) (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/598\"\u003e#598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not strip \u003ccode\u003e:00\u003c/code\u003e seconds from \u003ccode\u003e!!timestamp\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/578\"\u003e#578\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/qraynaud\"\u003e\u003ccode\u003e@​qraynaud\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTighten regexp for JSON \u003ccode\u003e!!bool\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/587\"\u003e#587\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/vra5107\"\u003e\u003ccode\u003e@​vra5107\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefault to literal block scalar if folded would overflow (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/585\"\u003e#585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.4.5...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8a10e473e2e0ff03c2d4de308f257093af2bce21\"\u003e\u003ccode\u003e8a10e47\u003c/code\u003e\u003c/a\u003e 9.0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c6f180636cebd4de2f9af7ef29ca4c9bf2eeef02\"\u003e\u003ccode\u003ec6f1806\u003c/code\u003e\u003c/a\u003e brace-expansion@2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/446cfa3e2aa3ef45bd4a27fa4418221e158489f6\"\u003e\u003ccode\u003e446cfa3\u003c/code\u003e\u003c/a\u003e 9.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8fa151ab95fd4e2acd6e1a81f10d02dc7c1098d3\"\u003e\u003ccode\u003e8fa151a\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/71b78a2a4cad3a40af08a39c065e71bbf69ea7f7\"\u003e\u003ccode\u003e71b78a2\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v9.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.1.36 to 0.1.68\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/63fcf77db2190615a9558154d254771ca8ff79f3\"\u003e\u003ccode\u003e63fcf77\u003c/code\u003e\u003c/a\u003e safer exception (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/a39f66225b87b9ecdf70f4ec745f6cabc985273b\"\u003e\u003ccode\u003ea39f662\u003c/code\u003e\u003c/a\u003e cr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/cdb8d918367dec39cdd64a911c4ed45d7f3e2048\"\u003e\u003ccode\u003ecdb8d91\u003c/code\u003e\u003c/a\u003e safer exception\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/ad3cb2dc0de74d071c6e29ea30db98b9ab61542a\"\u003e\u003ccode\u003ead3cb2d\u003c/code\u003e\u003c/a\u003e [Python] Infer parent_run_id in from_dotted_order (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/754\"\u003e#754\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/4863cf88b2ae7376b026a8bfdf57dfb00ff81082\"\u003e\u003ccode\u003e4863cf8\u003c/code\u003e\u003c/a\u003e [Python] Handoff Bugs (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/753\"\u003e#753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/2ad492baf7639b219481ec619c4a8fece4b663d9\"\u003e\u003ccode\u003e2ad492b\u003c/code\u003e\u003c/a\u003e fix(js): add missing callbacks when evaluating a runnable (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/748\"\u003e#748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/26a626e1dcf4a422544256c210433d1d560b22cd\"\u003e\u003ccode\u003e26a626e\u003c/code\u003e\u003c/a\u003e Allow overriding the metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/edccdb17deaa8a79dd3dd2a491a7e4f713235938\"\u003e\u003ccode\u003eedccdb1\u003c/code\u003e\u003c/a\u003e [Python] ...\n\n_Description has been truncated_","html_url":"https://github.com/Kaairofelipe/ai-lab-recipes/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kaairofelipe%2Fai-lab-recipes/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"},{"uuid":"4458120779","node_id":"PR_kwDOOkJiQ87cIHeU","number":36,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T01:52:01.000Z","updated_at":"2026-05-16T01:53:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"axios","old_version":"1.9.0","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"immutable","old_version":"5.1.1","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"react-router","old_version":"7.5.3","new_version":"7.15.1","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"webpack","old_version":"5.99.7","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.15.2` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.1` | `5.1.5` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.9.0` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.5.3` | `7.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.7` | `5.106.2` |\n\n\nUpdates `axios` from 1.9.0 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.9.0...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: ...\n\n_Description has been truncated_","html_url":"https://github.com/realbrodiwhite/royalgamesclient/pull/36","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/realbrodiwhite%2Froyalgamesclient/issues/36","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/36/packages"},{"uuid":"4431917120","node_id":"PR_kwDOKm4NMs7a0CGE","number":2008,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 4 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T01:33:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T19:11:04.000Z","updated_at":"2026-05-14T01:33:38.000Z","time_to_close":109351,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"@backstage/plugin-auth-backend","old_version":"0.14.1","new_version":"0.27.1","repository_url":"https://github.com/backstage/backstage"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.23.3","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"@backstage/integration","old_version":"1.13.0","new_version":"1.20.1","repository_url":"https://github.com/backstage/backstage"},{"name":"flatted","old_version":"3.2.9","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"immutable","old_version":"3.8.2","new_version":"3.8.3","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"undici","old_version":"5.28.4","new_version":"5.29.0","repository_url":"https://github.com/nodejs/undici"},{"name":"webpack","old_version":"5.89.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 13 updates in the /dashboard directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@backstage/plugin-auth-backend](https://github.com/backstage/backstage/tree/HEAD/plugins/auth-backend) | `0.14.1` | `0.27.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.23.3` | `7.29.4` |\n| [@backstage/integration](https://github.com/backstage/backstage/tree/HEAD/packages/integration) | `1.13.0` | `1.20.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `3.8.2` | `3.8.3` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.106.2` |\n\nBumps the npm_and_yarn group with 1 update in the /dashboard/packages/backend directory: [@backstage/plugin-auth-backend](https://github.com/backstage/backstage/tree/HEAD/plugins/auth-backend).\nBumps the npm_and_yarn group with 7 updates in the /rs/dre-canisters/node_status_canister directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` |\n| [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.106.2` |\n\nBumps the npm_and_yarn group with 8 updates in the /rs/dre-canisters/trustworthy-node-metrics directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.0` | `7.29.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.7` | `4.3.8` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.30.0` |\n| [next](https://github.com/vercel/next.js) | `14.2.5` | `15.5.18` |\n\n\nUpdates `@backstage/plugin-auth-backend` from 0.14.1 to 0.27.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/backstage/backstage/blob/master/plugins/auth-backend/CHANGELOG.md\"\u003e@​backstage/plugin-auth-backend's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​backstage/plugin-auth-backend\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e0.28.1-next.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ee9b78e9: Removed the \u003ccode\u003euuid\u003c/code\u003e dependency and replaced usage with the built-in \u003ccode\u003ecrypto.randomUUID()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/catalog-model\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.8.1-next.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-catalog-node\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.2.1-next.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-auth-node\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.7.1-next.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.1-next.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-auth-node\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.7.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/backend-plugin-api\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.9.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/catalog-model\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.8.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.8-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-catalog-node\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.2.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.2.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ed7c67cd: \u003cstrong\u003eBREAKING\u003c/strong\u003e: The setting \u003ccode\u003eauth.omitIdentityTokenOwnershipClaim\u003c/code\u003e has had its default value switched to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eWith this setting Backstage user tokens issued by the \u003ccode\u003eauth\u003c/code\u003e backend will no longer contain an \u003ccode\u003eent\u003c/code\u003e claim - the one with the user's ownership entity refs. This means that tokens issued in large orgs no longer risk hitting HTTP header size limits.\u003c/p\u003e\n\u003cp\u003eTo get ownership info for the current user, code should use the \u003ccode\u003euserInfo\u003c/code\u003e core service. In practice code will typically already conform to this since the \u003ccode\u003eent\u003c/code\u003e claim has not been readily exposed in any other way for quite some time. But code which explicitly decodes Backstage tokens - which is strongly discouraged - may be affected by this change.\u003c/p\u003e\n\u003cp\u003eThe setting will remain for some time to allow it to be set back to \u003ccode\u003efalse\u003c/code\u003e if need be, but it will be removed entirely in a future release.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e482ceed: Migrated from \u003ccode\u003eassertError\u003c/code\u003e to \u003ccode\u003etoError\u003c/code\u003e for error handling.\u003c/li\u003e\n\u003cli\u003edc87ac1: Fixed CIMD redirect URI matching to allow any port for localhost addresses per RFC 8252 Section 7.3. Native CLI clients use ephemeral ports for OAuth callbacks, which are now accepted when the registered redirect URI uses a localhost address.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/backend-plugin-api\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-auth-node\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.7.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/catalog-model\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.8.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-catalog-node\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.2.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.0-next.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/backstage/backstage/commits/HEAD/plugins/auth-backend\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.23.3 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@backstage/integration` from 1.13.0 to 1.20.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/backstage/backstage/blob/master/packages/integration/CHANGELOG.md\"\u003e@​backstage/integration's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​backstage/integration\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e2.0.2-next.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e6b112d3: Fixed two issues in the GitLab integration's fetch behavior:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe internal fetch wrapper was passing \u003ccode\u003emode: 'same-origin'\u003c/code\u003e on every request. This had no practical effect server-side, but would have caused cross-origin requests to be rejected when the integration is used from a browser. Requests now use the default fetch mode and work correctly in both browser and Node environments.\u003c/li\u003e\n\u003cli\u003eWhen retries are configured, transient network errors (such as dropped connections or DNS hiccups) are now retried using the same \u003ccode\u003emaxRetries\u003c/code\u003e and exponential delay as retryable HTTP status codes. Previously, a thrown fetch error would propagate immediately on the first failure regardless of the retry configuration. Caller-initiated aborts continue to surface immediately without being retried.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.2-next.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eb62781f: Moved \u003ccode\u003eregisterMswTestHooks\u003c/code\u003e to test files.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.8-next.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed112499: Fixed \u003ccode\u003eSingleInstanceGithubCredentialsProvider\u003c/code\u003e to return app credentials when \u003ccode\u003egetCredentials\u003c/code\u003e is called with a bare host URL (e.g. \u003ccode\u003ehttps://github.com\u003c/code\u003e) instead of falling back to a personal access token.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1-next.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed112499: Fixed \u003ccode\u003eSingleInstanceGithubCredentialsProvider\u003c/code\u003e to return app credentials when \u003ccode\u003egetCredentials\u003c/code\u003e is called with a bare host URL (e.g. \u003ccode\u003ehttps://github.com\u003c/code\u003e) instead of falling back to a personal access token.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.7-next.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003ch3\u003eMajor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e527cf88: \u003cstrong\u003eBREAKING\u003c/strong\u003e Removed deprecated Azure DevOps, Bitbucket, Gerrit and GitHub code:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFor Azure DevOps, the long deprecated \u003ccode\u003etoken\u003c/code\u003e string and \u003ccode\u003ecredential\u003c/code\u003e object have been removed from the \u003ccode\u003econfig.d.ts\u003c/code\u003e. Use the \u003ccode\u003ecredentials\u003c/code\u003e array object instead.\u003c/li\u003e\n\u003cli\u003eFor Bitbucket, the long deprecated \u003ccode\u003ebitbucket\u003c/code\u003e object has been removed from the \u003ccode\u003econfig.d.ts\u003c/code\u003e. Use the \u003ccode\u003ebitbucketCloud\u003c/code\u003e or \u003ccode\u003ebitbucketServer\u003c/code\u003e objects instead.\u003c/li\u003e\n\u003cli\u003eFor Gerrit, the \u003ccode\u003eparseGerritGitilesUrl\u003c/code\u003e function has been removed, use \u003ccode\u003eparseGitilesUrlRef\u003c/code\u003e instead. The \u003ccode\u003ebuildGerritGitilesArchiveUrl\u003c/code\u003e function has also been removed, use \u003ccode\u003ebuildGerritGitilesArchiveUrlFromLocation\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003eFor GitHub, the \u003ccode\u003egetGitHubRequestOptions\u003c/code\u003e function has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/c8a8aac2af9975fa1d7659adf7bb2cffcaf4e2fe\"\u003e\u003ccode\u003ec8a8aac\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/4aa43f62aa3806843dd24975af4d705d4b75a2eb\"\u003e\u003ccode\u003e4aa43f6\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency cross-fetch to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/f577e1176fc55854ec1b6c26409b17cd498ca967\"\u003e\u003ccode\u003ef577e11\u003c/code\u003e\u003c/a\u003e Version Packages (next)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/11153a019d8c27cd321c82ead3dda484bb1822f8\"\u003e\u003ccode\u003e11153a0\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master' into entra-rename\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/ad7d38c4b68823cfff5c5ddadcc7050130573149\"\u003e\u003ccode\u003ead7d38c\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/243c655a68da03c094bed295d2e8072828b6df5e\"\u003e\u003ccode\u003e243c655\u003c/code\u003e\u003c/a\u003e Updated \u003ccode\u003eAzure Active Directory\u003c/code\u003e to \u003ccode\u003eEntra ID\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/8cdb8c2e40f24a59a2fc1aacdf60b8712446e0f8\"\u003e\u003ccode\u003e8cdb8c2\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/e43d3eb1b722f116d6b2f371c42ae3305c371e88\"\u003e\u003ccode\u003ee43d3eb\u003c/code\u003e\u003c/a\u003e Version Packages (next)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/0b55f773a75125227c50a839b98b72053cb88b71\"\u003e\u003ccode\u003e0b55f77\u003c/code\u003e\u003c/a\u003e Removed some unused dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/bea36177129a4e37c6d5de032266ed5d136b437f\"\u003e\u003ccode\u003ebea3617\u003c/code\u003e\u003c/a\u003e Version Packages (next)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/backstage/backstage/commits/v1.20.1/packages/integration\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.7.4 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.4...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.2.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 3.8.2 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.8.3\u003c/h2\u003e\n\u003cp\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\nDates are formatted as YYYY-MM-DD.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e5.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3\u003c/h2\u003e\n\u003ch3\u003eTypeScript\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: allow readonly map entry constructor by \u003ca href=\"https://github.com/septs\"\u003e\u003ccode\u003e@​septs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2123\"\u003eimmutable-js/immutable-js#2123\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cp\u003eThere has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown.\nThe playground has been included on nearly all method examples.\nWe added a page about browser extensions too: \u003ca href=\"https://immutable-js.com/browser-extension/\"\u003ehttps://immutable-js.com/browser-extension/\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/c4074256bf48ab372fdad2b3d47db89306a5211e\"\u003e\u003ccode\u003ec407425\u003c/code\u003e\u003c/a\u003e bump v3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/c6ff68a47f1120ef5448179035c79fe9f5836f2a\"\u003e\u003ccode\u003ec6ff68a\u003c/code\u003e\u003c/a\u003e release script on 3.x branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/a675a6656416a7c73178b77de4eb198d4342dcd9\"\u003e\u003ccode\u003ea675a66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2179\"\u003e#2179\u003c/a\u003e from immutable-js/port-patch-for-cve-2026-29063\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6e2cf1cfe6137e72dfa48fc2cfa8f4d399d113f9\"\u003e\u003ccode\u003e6e2cf1c\u003c/code\u003e\u003c/a\u003e Port patch for CVE 2026-29063 onto branch 3.x\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v3.8.2...v3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for immutable since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob patte...\n\n_Description has been truncated_","html_url":"https://github.com/dfinity/dre/pull/2008","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfinity%2Fdre/issues/2008","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2008/packages"},{"uuid":"4416306692","node_id":"PR_kwDOHZegI87aBhUF","number":26,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T17:25:17.000Z","updated_at":"2026-05-14T06:25:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.8.0","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.99.9","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.0` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.9` | `5.106.2` |\n\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.6...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.0 to 2.8.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.13.0...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 2.79.2 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.12.1 to 1.13.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/bd2d35c87620a7da36250a006c97fdae89f4902d\"\u003e\u003ccode\u003ebd2d35c\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2e7c0f2841f5d2d0172ee42a762193898a663e30\"\u003e\u003ccode\u003e2e7c0f2\u003c/code\u003e\u003c/a\u003e Update generated files, tag 1.13.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/732cafe9f580b6ee8fcb2102fe1babb65b29b810\"\u003e\u003ccode\u003e732cafe\u003c/code\u003e\u003c/a\u003e Underscore 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/e8f86fb4c670ff00abade85064c4a9cf4456fbbd\"\u003e\u003ccode\u003ee8f86fb\u003c/code\u003e\u003c/a\u003e Add changelog entry for versioin 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/43e827a166f3bdff061e0372dec73f42e6a225e1\"\u003e\u003ccode\u003e43e827a\u003c/code\u003e\u003c/a\u003e Bump the version to 1.13.6 (hotfix)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1c1d1a278a8c617c3be052cafcb1717910e0e64a\"\u003e\u003ccode\u003e1c1d1a2\u003c/code\u003e\u003c/a\u003e Remove patch-package postinstall script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4eb6894351edf20d589d2c2df7f20befeaf4a3e8\"\u003e\u003ccode\u003e4eb6894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/2974\"\u003e#2974\u003c/a\u003e from paulsmithkc/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2edcdc18b64db878b887a6047300e724995481e4\"\u003e\u003ccode\u003e2edcdc1\u003c/code\u003e\u003c/a\u003e Hostfix for broken builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/66ee70d746399b3446a700492bc62f4117d4a21b\"\u003e\u003ccode\u003e66ee70d\u003c/code\u003e\u003c/a\u003e Verify that production and doc builds still work in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/68e5eb68635548846b4663479b9d0fc78d090b0a\"\u003e\u003ccode\u003e68e5eb6\u003c/code\u003e\u003c/a\u003e Update generated sources, tag 1.13.5 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.6\"\u003ecom...\n\n_Description has been truncated_","html_url":"https://github.com/GrantBirki/birki/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrantBirki%2Fbirki/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"},{"uuid":"4413669631","node_id":"PR_kwDORrxkis7Z5sWb","number":9,"state":"open","title":"Bump the npm_and_yarn group across 8 directories with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T19:51:48.000Z","updated_at":"2026-05-09T19:52:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"webpack","old_version":"5.99.5","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /built-in-ai-extension directory: [ip-address](https://github.com/beaugunderson/ip-address) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 2 updates in the /built-in-ai-task-apis-polyfills directory: [ip-address](https://github.com/beaugunderson/ip-address) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 2 updates in the /prompt-api-polyfill directory: [ip-address](https://github.com/beaugunderson/ip-address) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 1 update in the /summarization-api-playground directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /summary-of-summaries directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 4 updates in the /toxic-review-warning directory: [picomatch](https://github.com/micromatch/picomatch), [svgo](https://github.com/svg/svgo), [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) and [tar-fs](https://github.com/mafintosh/tar-fs).\nBumps the npm_and_yarn group with 17 updates in the /weather-ai directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.5` | `5.106.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /webmcp-evals directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch) and [protobufjs](https://github.com/protobufjs/protobuf.js).\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15\"\u003e\u003ccode\u003ee0093e4\u003c/code\u003e\u003c/a\u003e Move to pnpm 11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15\"\u003e\u003ccode\u003ee0093e4\u003c/code\u003e\u003c/a\u003e Move to pnpm 11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15\"\u003e\u003ccode\u003ee0093e4\u003c/code\u003e\u003c/a\u003e Move to pnpm 11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=...\n\n_Description has been truncated_","html_url":"https://github.com/danielbodnar/web-ai-demos/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2Fweb-ai-demos/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4413661450","node_id":"PR_kwDORrxkis7Z5qyt","number":6,"state":"closed","title":"Bump the npm_and_yarn group across 5 directories with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-09T19:48:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T19:47:46.000Z","updated_at":"2026-05-09T19:48:35.000Z","time_to_close":48,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"webpack","old_version":"5.99.5","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the /summarization-api-playground directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /summary-of-summaries directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /toxic-review-warning directory: [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) and [tar-fs](https://github.com/mafintosh/tar-fs).\nBumps the npm_and_yarn group with 17 updates in the /weather-ai directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.5` | `5.106.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /webmcp-evals directory: [protobufjs](https://github.com/protobufjs/protobuf.js), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [minimatch](https://github.com/isaacs/minimatch).\n\nUpdates `vite` from 5.4.12 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.22.4 to 4.60.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.12 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.22.4 to 4.60.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.22.4 to 4.60.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.11 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/danielbodnar/web-ai-demos/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2Fweb-ai-demos/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"},{"uuid":"4410503783","node_id":"PR_kwDOOheLgc7Zvr47","number":37,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T07:39:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T01:29:47.000Z","updated_at":"2026-05-17T07:39:30.000Z","time_to_close":713381,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"fast-xml-parser","old_version":"4.4.1","new_version":"5.7.3","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"aws-cdk-lib","old_version":"2.80.0","new_version":"2.189.1","repository_url":"https://github.com/aws/aws-cdk"},{"name":"form-data","old_version":"3.0.1","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"basic-ftp","old_version":"5.0.4","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"path-to-regexp","old_version":"0.1.10","new_version":"1.9.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"flatted","old_version":"3.2.9","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"http-proxy-middleware","old_version":"2.0.7","new_version":"2.0.9","repository_url":"https://github.com/chimurai/http-proxy-middleware"},{"name":"immutable","old_version":"4.3.0","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"nanoid","old_version":"3.3.7","new_version":"3.3.12","repository_url":"https://github.com/ai/nanoid"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"svgo","old_version":"3.0.2","new_version":"3.3.3","repository_url":"https://github.com/svg/svgo"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.94.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.4.1` | `5.7.3` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib) | `2.80.0` | `2.189.1` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.4` | `5.3.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.10` | `1.9.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` |\n| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.7` | `2.0.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.0` | `4.3.8` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.12` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [svgo](https://github.com/svg/svgo) | `3.0.2` | `3.3.3` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.94.0` | `5.106.2` |\n\n\nUpdates `fast-xml-parser` from 4.4.1 to 5.7.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003emaxEntitySize: 10000,\r\nmaxExpansionDepth: 10000,\r\nmaxTotalExpansions: Infinity,\r\nmaxExpandedLength: 100000,\r\nmaxEntityCount: 1000,\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.12 / 2026-04-13\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement: update path-expression-matcher\n\u003cul\u003e\n\u003cli\u003euse proxy pattern than Proxy class\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.11 / 2026-04-08\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement\n\u003cul\u003e\n\u003cli\u003eintegrate ExpressionSet for stopNodes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/b65da87028f943abf5698b96385eef21e39f983e\"\u003e\u003ccode\u003eb65da87\u003c/code\u003e\u003c/a\u003e update changelog and mark addEntity deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/c2ca631f99d4d7f66e0d48001741bc8784cfe966\"\u003e\u003ccode\u003ec2ca631\u003c/code\u003e\u003c/a\u003e update fxb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/da7519163bfdc257e90be781a05af83840b330a8\"\u003e\u003ccode\u003eda75191\u003c/code\u003e\u003c/a\u003e fix stop node expression when ns prefix is removed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/31bbc99adedcada7d52bc4745273e7d8b9824b31\"\u003e\u003ccode\u003e31bbc99\u003c/code\u003e\u003c/a\u003e fix: alwaysCreateTextNode should create text node when attributes are present...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/dab327a05acd4f62bba277fb924e2e751079eca0\"\u003e\u003ccode\u003edab327a\u003c/code\u003e\u003c/a\u003e remove unnecessary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/ab04eeb91d3013d56c6a949cf45c17deaa3a0fc8\"\u003e\u003ccode\u003eab04eeb\u003c/code\u003e\u003c/a\u003e update docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/383cb3feee7f8181379f41836359e6b53379db5d\"\u003e\u003ccode\u003e383cb3f\u003c/code\u003e\u003c/a\u003e Revise security information for v6 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.4.1...v5.7.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-cdk-lib` from 2.80.0 to 2.189.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-cdk/releases\"\u003eaws-cdk-lib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.189.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e implicit Aspect applications do not override custom Aspect applications (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34132\"\u003e#34132\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/b7f4bc7aee1d99b70e4d9d3cedea53e910ee37ef\"\u003eb7f4bc7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eAlpha modules (2.189.1-alpha.0)\u003c/h2\u003e\n\u003ch2\u003ev2.189.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapigatewayv2:\u003c/strong\u003e dualstack HTTP and WebSocket API (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34054\"\u003e#34054\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/eec900e90f38f34f896b22cf36cb225fc9c13cc8\"\u003eeec900e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate L1 CloudFormation resource definitions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34064\"\u003e#34064\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/9cb260266e92f45e40a19667e29ccf2decb3d2b8\"\u003e9cb2602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock:\u003c/strong\u003e support Amazon Nova Reel 1.1 (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34070\"\u003e#34070\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/3da0c4d267dbb693ffc01b9fae69cebcb180cdec\"\u003e3da0c4d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport L2 constructs for Amazon S3 Tables (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33599\"\u003e#33599\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2e95252fecbb1fec9874fd5af4b4bd6449d50471\"\u003e2e95252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epipelines:\u003c/strong\u003e add \u003ccode\u003eV2\u003c/code\u003e pipeline type support in L3 construct (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34005\"\u003e#34005\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/994e95289b589596179553a5b9d7201155bd9ed1\"\u003e994e952\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33995\"\u003e#33995\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline:\u003c/strong\u003e replace account root principal with pipeline role in trust policy for cross-account actions (under feature flag) (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34074\"\u003e#34074\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2d901f4e7bb982221e1a48a13666939140109d5a\"\u003e2d901f4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecustom-resources:\u003c/strong\u003e \u003ccode\u003eAwsCustomResource\u003c/code\u003e assumed role session name may contain invalid characters (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34016\"\u003e#34016\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/32b6b4d7fa99723efb667239fbe455ede43b92c6\"\u003e32b6b4d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/23260\"\u003e#23260\u003c/a\u003e \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34011\"\u003e#34011\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eAlpha modules (2.189.0-alpha.0)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eec2-alpha:\u003c/strong\u003e implement mapPublicIpOnLaunch prop in SubnetV2 (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34057\"\u003e#34057\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/836c5cf3e4c627f817e4dc8ed2af28a5bba54792\"\u003e836c5cf\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/32159\"\u003e#32159\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eamplify:\u003c/strong\u003e unable to re-run integ test due to missing \u003ccode\u003estatus\u003c/code\u003e field in \u003ccode\u003ecustomRule\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33973\"\u003e#33973\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/6638c08d56afe7ecc4f23cff4cf334b887001e5e\"\u003e6638c08\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33962\"\u003e#33962\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.188.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate L1 CloudFormation resource definitions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33980\"\u003e#33980\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/0923b5e82dd0c8da864f0c806f295fae270c22c1\"\u003e0923b5e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate L1 CloudFormation resource definitions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34029\"\u003e#34029\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/be6210f246b97befcdc9446862e991071738008d\"\u003ebe6210f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline:\u003c/strong\u003e add usePipelineRoleForActions field support in L2 (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33961\"\u003e#33961\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/d8bbc1c3f8479ab5031b8684364735b9a6c31fa2\"\u003ed8bbc1c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline-actions:\u003c/strong\u003e support \u003ccode\u003eECRBuildAndPublish\u003c/code\u003e action (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33375\"\u003e#33375\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c5cd679b2f979b9e51c7a071b18d930d3a475129\"\u003ec5cd679\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33376\"\u003e#33376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline-actions:\u003c/strong\u003e support \u003ccode\u003eInspectorEcrImageScanAction\u003c/code\u003e and \u003ccode\u003eInspectorSourceCodeScanAction\u003c/code\u003e actions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33378\"\u003e#33378\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2dc8cc7f703ebcd61f2b5f4d20401a1ade788e7a\"\u003e2dc8cc7\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33377\"\u003e#33377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecognito:\u003c/strong\u003e v3.0 pre token generation trigger event (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33778\"\u003e#33778\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/ea1436f85d036bddb9a96dd54f02a639c3aab212\"\u003eea1436f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33733\"\u003e#33733\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eevents-targets:\u003c/strong\u003e support ApiGatewayV2 HttpApi (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33864\"\u003e#33864\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/91a3076fb16369629a710ebc560c103a91c2ea20\"\u003e91a3076\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/26649\"\u003e#26649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ekinesisfirehose:\u003c/strong\u003e support S3 file extension format (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33776\"\u003e#33776\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/e314a9aa5d149704cc2abd30927a41d317a3ce6c\"\u003ee314a9a\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/32154\"\u003e#32154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elogs-destinations:\u003c/strong\u003e support Amazon Data Firehose logs destination (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33683\"\u003e#33683\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/a8edf696e91c44cbda286889896464960dd03266\"\u003ea8edf69\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/32038\"\u003e#32038\u003c/a\u003e \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/24766\"\u003e#24766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epipelines:\u003c/strong\u003e actions can default to the pipeline service role instead of a newly created role (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33991\"\u003e#33991\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2ebc51e694e85aa0d8e0401dbb1fc1037298eda5\"\u003e2ebc51e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erds:\u003c/strong\u003e engine lifecycle support (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33902\"\u003e#33902\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c0f8d293df157cd196e2bd9fb569374d0535f471\"\u003ec0f8d29\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33859\"\u003e#33859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md\"\u003eaws-cdk-lib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. See \u003ca href=\"https://github.com/conventional-changelog/standard-version\"\u003estandard-version\u003c/a\u003e for commit guidelines.\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.252.0-alpha.0...v2.253.0-alpha.0\"\u003e2.253.0-alpha.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e add OnlineEvaluationConfig and Evaluator L2 constructs (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37615\"\u003e#37615\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c13de04223e32272b0c6c6dd4e2fca8e300fafa8\"\u003ec13de04\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37614\"\u003e#37614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eglue-alpha:\u003c/strong\u003e add extraPythonFiles support to PythonShellJob (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37130\"\u003e#37130\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c9c6f9c1b7c12722d18a45bf8a02c09672f8720d\"\u003ec9c6f9c\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34448\"\u003e#34448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e self-managed memory strategy validation throws on unresolved tokens (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37691\"\u003e#37691\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/79565376cdb642d821625fe10ae5916e7d2e64fe\"\u003e7956537\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37197\"\u003e#37197\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.251.0-alpha.0...v2.252.0-alpha.0\"\u003e2.252.0-alpha.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.250.0-alpha.0...v2.251.0-alpha.0\"\u003e2.251.0-alpha.0\u003c/a\u003e (2026-04-24)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e add L2 constructs for policy and policy engine  (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37238\"\u003e#37238\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/1e89e7e921a9946cb9c23f967c6b7a33a6048de4\"\u003e1e89e7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e add observability configuration for Runtime (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36689\"\u003e#36689\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/34b43aabe2c3a946ba286812b402ce946222d820\"\u003e34b43aa\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36596\"\u003e#36596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e support No Authorization for AgentCore Gateway (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36610\"\u003e#36610\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/f20bd8e43700877f7166cdac3cd994876963bc67\"\u003ef20bd8e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edsql-alpha:\u003c/strong\u003e initial L2 construct (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34599\"\u003e#34599\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/be1a45861a5138b6e397cf076e39dfe0a18d4e99\"\u003ebe1a458\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34593\"\u003e#34593\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.249.0-alpha.0...v2.250.0-alpha.0\"\u003e2.250.0-alpha.0\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.248.0-alpha.0...v2.249.0-alpha.0\"\u003e2.249.0-alpha.0\u003c/a\u003e (2026-04-10)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.247.0-alpha.0...v2.248.0-alpha.0\"\u003e2.248.0-alpha.0\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.246.0-alpha.0...v2.247.0-alpha.0\"\u003e2.247.0-alpha.0\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emediapackagev2-alpha:\u003c/strong\u003e new L2 construct (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37279\"\u003e#37279\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/7debfb9c5e807fac5df6e9e0ea3097d72325ffbc\"\u003e7debfb9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.245.0-alpha.0...v2.246.0-alpha.0\"\u003e2.246.0-alpha.0\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.244.0-alpha.0...v2.245.0-alpha.0\"\u003e2.245.0-alpha.0\u003c/a\u003e (2026-03-27)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003es3tables-alpha:\u003c/strong\u003e add support for partition spec, sort order, and table properties (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36811\"\u003e#36811\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2696cd16e8e2edc8d40f1443b9c87eb6171e5d1f\"\u003e2696cd1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/e7432ee4f8ae6f4ba000b1c1833188dddeb15624\"\u003e\u003ccode\u003ee7432ee\u003c/code\u003e\u003c/a\u003e chore(release): 2.189.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/b7f4bc7aee1d99b70e4d9d3cedea53e910ee37ef\"\u003e\u003ccode\u003eb7f4bc7\u003c/code\u003e\u003c/a\u003e fix(core): implicit Aspect applications do not override custom Aspect applica...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/dcd077fb04f6900fd92e127d92a777cc38cdf932\"\u003e\u003ccode\u003edcd077f\u003c/code\u003e\u003c/a\u003e chore: update analytics metadata blueprints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/b997bf125f0782d37fb8c99db0e0be09f4b10295\"\u003e\u003ccode\u003eb997bf1\u003c/code\u003e\u003c/a\u003e chore(release): 2.189.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/eec900e90f38f34f896b22cf36cb225fc9c13cc8\"\u003e\u003ccode\u003eeec900e\u003c/code\u003e\u003c/a\u003e feat(apigatewayv2): dualstack HTTP and WebSocket API (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34054\"\u003e#34054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/9cb260266e92f45e40a19667e29ccf2decb3d2b8\"\u003e\u003ccode\u003e9cb2602\u003c/code\u003e\u003c/a\u003e feat: update L1 CloudFormation resource definitions (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34064\"\u003e#34064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/2d901f4e7bb982221e1a48a13666939140109d5a\"\u003e\u003ccode\u003e2d901f4\u003c/code\u003e\u003c/a\u003e fix(codepipeline): replace account root principal with pipeline role in trust...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/3da0c4d267dbb693ffc01b9fae69cebcb180cdec\"\u003e\u003ccode\u003e3da0c4d\u003c/code\u003e\u003c/a\u003e feat(bedrock): support Amazon Nova Reel 1.1 (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34070\"\u003e#34070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/b1e8879a800850efb130cb8aaaef596195de56f9\"\u003e\u003ccode\u003eb1e8879\u003c/code\u003e\u003c/a\u003e docs(pipelines): add link to developer guide on how to use docker drop-in rep...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/1b98a41853c17dcce53c5bb7074011c8dd928fb3\"\u003e\u003ccode\u003e1b98a41\u003c/code\u003e\u003c/a\u003e docs(batch): add note on update fatgate compute environment (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34022\"\u003e#34022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-cdk/commits/v2.189.1/packages/aws-cdk-lib\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.8.4 to 1.13.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.6\u003c/h2\u003e\n\u003cp\u003eThis release focuses on platform compatibility, error handling improvements, and code quality maintenance.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native Blob Support:\u003c/strong\u003e Axios now includes support for React Native Blob objects. Thanks to \u003ca href=\"https://github.com/moh3n9595\"\u003e\u003ccode\u003e@​moh3n9595\u003c/code\u003e\u003c/a\u003e for the initial implementation. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/5764\"\u003e#5764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCode Quality:\u003c/strong\u003e Implemented prettier across the codebase and resolved associated formatting issues. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7385\"\u003e#7385\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eEnvironment Compatibility:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed module exports for React Native and Browserify environments. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7386\"\u003e#7386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded safe FormData detection for the WeChat Mini Program environment. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7324\"\u003e#7324\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAxiosError.message is now correctly enumerable. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7392\"\u003e#7392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7403\"\u003e#7403\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Updated the development_dependencies group (5 updates). (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7432\"\u003e#7432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInfrastructure:\u003c/strong\u003e Migrated \u003ccode\u003e@​rollup/plugin-babel\u003c/code\u003e from v5.3.1 to v6.1.0. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7424\"\u003e#7424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Added missing JSDoc comments to utilities. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors! Thank you for helping improve the project:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Gudahtt\"\u003e\u003ccode\u003e@​Gudahtt\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7386\"\u003e#7386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ybbus\"\u003e\u003ccode\u003e@​ybbus\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7392\"\u003e#7392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shiwaangee\"\u003e\u003ccode\u003e@​Shiwaangee\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7324\"\u003e#7324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skrtheboss\"\u003e\u003ccode\u003e@​skrtheboss\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7403\"\u003e#7403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Janaka66\"\u003e\u003ccode\u003e@​Janaka66\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moh3n9595\"\u003e\u003ccode\u003e@​moh3n9595\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/5764\"\u003e#5764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digital-wizard48\"\u003e\u003ccode\u003e@​digital-wizard48\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7424\"\u003e#7424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cem\u003eFull Changelog: \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.13.6\"\u003ev1.13.5...v1.13.6\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.5\u003c/h2\u003e\n\u003ch2\u003eRelease 1.13.5\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSecurity:\u003c/strong\u003e Fixed a potential \u003cstrong\u003eDenial of Service\u003c/strong\u003e issue involving the \u003ccode\u003e__proto__\u003c/code\u003e key in \u003ccode\u003emergeConfig\u003c/code\u003e. (PR \u003ca href=\"https://redirect.github.com/axios/axios/pull/7369\"\u003e#7369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBug fix:\u003c/strong\u003e Resolved an issue where \u003ccode\u003eAxiosError\u003c/code\u003e could be missing the \u003ccode\u003estatus\u003c/code\u003e field on and after \u003cstrong\u003ev1.13.3\u003c/strong\u003e. (PR \u003ca href=\"https://redirect.github.com/axios/axios/pull/7368\"\u003e#7368\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003ch4\u003eSecurity\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix Denial of Service via \u003ccode\u003e__proto__\u003c/code\u003e key in \u003ccode\u003emergeConfig\u003c/code\u003e. (PR \u003ca href=\"https://redirect.github.com/axios/axios/pull/7369\"\u003e#7369\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.6 - February 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds React Native Blob support, fixes several enumeration and export regressions, and patches FormData detection for WeChat Mini Program environments.\u003c/p\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native Blob Support:\u003c/strong\u003e Axios now correctly handles native Blob objects in React Native environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/5764\"\u003e#5764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAxiosError:\u003c/strong\u003e Fixed \u003ccode\u003eAxiosError.from\u003c/code\u003e not copying the \u003ccode\u003estatus\u003c/code\u003e field from the source error. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7403\"\u003e#7403\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAxiosError:\u003c/strong\u003e Made the \u003ccode\u003emessage\u003c/code\u003e property enumerable so it appears in \u003ccode\u003eJSON.stringify\u003c/code\u003e output and \u003ccode\u003eObject.keys\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7392\"\u003e#7392\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFormData Detection:\u003c/strong\u003e Corrected safe FormData detection for WeChat Mini Program environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7324\"\u003e#7324\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eReact Native / Browserify Export:\u003c/strong\u003e Fixed broken module export that caused import failures in React Native and Browserify. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7386\"\u003e#7386\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Migrated \u003ccode\u003e@rollup/plugin-babel\u003c/code\u003e from v5 to v6 and bumped the development dependencies group. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7424\"\u003e#7424\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7432\"\u003e#7432\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/moh3n9595\"\u003e\u003ccode\u003e@​moh3n9595\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/5764\"\u003e#5764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/skrtheboss\"\u003e\u003ccode\u003e@​skrtheboss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7403\"\u003e#7403\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ybbus\"\u003e\u003ccode\u003e@​ybbus\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7392\"\u003e#7392\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Shiwaangee\"\u003e\u003ccode\u003e@​Shiwaangee\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7324\"\u003e#7324\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Gudahtt\"\u003e\u003ccode\u003e@​Gudahtt\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7386\"\u003e#7386\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.13.6\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.13.5 - February 8, 2026\u003c/h2\u003e\n\u003cp\u003eThis release patches a prototype pollution denial-of-service vulnerability, fixes a missing \u003ccode\u003estatus\u003c/code\u003e field regression in \u003ccode\u003eAxiosError\u003c/code\u003e, adds interceptor ordering control, and introduces URL validation for \u003ccode\u003eisAbsoluteURL\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution (DoS):\u003c/strong\u003e Hardened \u003ccode\u003emergeConfig\u003c/code\u003e to ignore \u003ccode\u003e__proto__\u003c/code\u003e, \u003ccode\u003econstructor\u003c/code\u003e, and \u003ccode\u003eprototype\u003c/code\u003e keys, preventing denial-of-service via prototype pollution when merging user-supplied config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7369\"\u003e#7369\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eisAbsoluteURL\u003c/code\u003e Validation:\u003c/strong\u003e Added input validation to \u003ccode\u003eisAbsoluteURL\u003c/code\u003e to handle malformed or unexpected input gracefully. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7326\"\u003e#7326\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/7108c8877f9dc05f7aba8beb2b9e522537f9a9a7\"\u003e\u003ccode\u003e7108c88\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.13.6 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7446\"\u003e#7446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/20a0ba3c01174aa2ec441753fa1fe47f21d20491\"\u003e\u003ccode\u003e20a0ba3\u003c/code\u003e\u003c/a\u003e refactor(deps): migrate \u003ccode\u003e@​rollup/plugin-babel\u003c/code\u003e from v5.3.1 to v6.1.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7424\"\u003e#7424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/885b4af6f5dd6ab7977b207fdf61a7e89af69e69\"\u003e\u003ccode\u003e885b4af\u003c/code\u003e\u003c/a\u003e feat: support react native blob objects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/5764\"\u003e#5764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/00d97b9730f3d83e865d0f3ee33cba6290ba20ed\"\u003e\u003ccode\u003e00d97b9\u003c/code\u003e\u003c/a\u003e docs(utils): add missing JSDoc comments (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9712548a49521580c8e692c367609b9f5e748d63\"\u003e\u003ccode\u003e9712548\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group across 1 directory w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/d51accbea1faef6e3b74c7dfa636704a2332bfbb\"\u003e\u003ccode\u003ed51accb\u003c/code\u003e\u003c/a\u003e fix(core): copy status from source error in AxiosError.from (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7403\"\u003e#7403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e30bbf1b33c8b6213c793eb0cf6b61b0edc72f1\"\u003e\u003ccode\u003e3e30bbf\u003c/code\u003e\u003c/a\u003e chore: fix publish to only run on v1 tags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/672491db34b5575d2abb1c3f91382bc1f45ae7b7\"\u003e\u003ccode\u003e672491d\u003c/code\u003e\u003c/a\u003e fix: safe FormData detection for WeChat Mini Program (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7306\"\u003e#7306\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7324\"\u003e#7324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/822e3e40b4f9287b5a787f5d1dfb3ae7f8a0faa3\"\u003e\u003ccode\u003e822e3e4\u003c/code\u003e\u003c/a\u003e fix: make AxiosError.message property enumerable (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7392\"\u003e#7392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ef3711d1b3a3c1eb4f11dc43e8db38e9c5342448\"\u003e\u003ccode\u003eef3711d\u003c/code\u003e\u003c/a\u003e feat: implement prettier and fix all issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7385\"\u003e#7385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.8.4...v1.13.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.1 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enpmignore temporary build files (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emove util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emigrate from travis to GHA\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2\"\u003ev3.0.2\u003c/a\u003e - 2024-10-10\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79\"\u003e\u003ccode\u003e8fdb3bc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] clean up ignores \u003ca href=\"https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440\"\u003e\u003ccode\u003e3217b3d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: move util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e) \u003ca href=\"https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac\"\u003e\u003ccode\u003eedb555a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for form-data since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.4 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Memory leak described in \u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/250\"\u003e#250\u003c/a\u003e by \u003ca href=\"https://github.com/everhardt\"\u003e\u003ccode\u003e@​everhardt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/martijnimhoff\"\u003e\u003ccode\u003e@​martijnimhoff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Memory leak described in \u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/250\"\u003e#250\u003c/a\u003e by \u003ca href=\"https://github.com/everhardt\"\u003e\u003ccode\u003e@​everhardt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/martijnimhoff\"\u003e\u003ccode\u003e@​martijnimhoff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/980371bb6057d78d479b5cfc18683392abd2c45f\"\u003e\u003ccode\u003e980371b\u003c/code\u003e\u003c/a\u003e Guard against unbounded control response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/50827c73ca6c1d786c97276e47be8a33d0f2277d\"\u003e\u003ccode\u003e50827c7\u003c/code\u003e\u003c/a\u003e Adjust changelog to match release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.4...v5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com...\n\n_Description has been truncated_","html_url":"https://github.com/reaphq/iam-identity-center-team/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/reaphq%2Fiam-identity-center-team/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"},{"uuid":"4409958984","node_id":"PR_kwDOOkJiQ87Zt3OP","number":34,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T23:07:52.000Z","updated_at":"2026-05-09T18:00:47.234Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"axios","old_version":"1.9.0","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"immutable","old_version":"5.1.1","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"react-router","old_version":"7.5.3","new_version":"7.15.0","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"webpack","old_version":"5.99.7","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.15.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.1` | `5.1.5` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.5.3` | `7.15.0` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.7` | `5.106.2` |\n\n\nUpdates `axios` from 1.9.0 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.9.0...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job per...\n\n_Description has been truncated_","html_url":"https://github.com/realbrodiwhite/royalgamesclient/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/realbrodiwhite%2Froyalgamesclient/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"},{"uuid":"4368496830","node_id":"PR_kwDOJKNMac7XnwO5","number":174,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T08:55:04.000Z","updated_at":"2026-05-02T08:55:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"webpack","old_version":"5.88.2","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@babel/helpers","old_version":"7.26.9","new_version":"7.29.2","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"base-x","old_version":"3.0.9","new_version":"3.0.11","repository_url":"https://github.com/cryptocoinjs/base-x"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"diff","old_version":"5.1.0","new_version":"5.2.2","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"4.5.6","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.2.9","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.1","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"http-proxy-middleware","old_version":"2.0.6","new_version":"2.0.9","repository_url":"https://github.com/chimurai/http-proxy-middleware"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.17.23","repository_url":"https://github.com/lodash/lodash"},{"name":"multer","old_version":"1.4.5-lts.1","new_version":"1.4.5-lts.2","repository_url":"https://github.com/expressjs/multer"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"tar-fs","old_version":"2.1.1","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 27 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.104.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.9` | `7.29.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.9` | `3.0.11` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [diff](https://github.com/kpdecker/jsdiff) | `5.1.0` | `5.2.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `4.5.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` |\n| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |\n| [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `1.4.5-lts.2` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `4.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/snap directory: [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `webpack` from 5.88.2 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.88.2...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d61d6ac1f782cf6b1dd8661c60f11722cd49a0d\"\u003e3d61d6a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/helpers` from 7.26.9 to 7.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17789\"\u003e#17789\u003c/a\u003e [7.x backport] preset-env include/exclude should accept bugfix plugins (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17813\"\u003e#17813\u003c/a\u003e chore: update eslint peer deps (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.1 (2026-02-04)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17771\"\u003e#17771\u003c/a\u003e [7.x backport] fix: ensure \u003ccode\u003etargets.esmodules\u003c/code\u003e is validated (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17776\"\u003e#17776\u003c/a\u003e [7.x backport] Fix undefined when 64 indents (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/1c0a08d95ae7e1c788c7e1ae3a10ee53f7c86864\"\u003e\u003ccode\u003e1c0a08d\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17805\"\u003e#17805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23\"\u003e\u003ccode\u003ec1b55f6\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eeslint.config.mts\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573\"\u003e#17573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c\"\u003e\u003ccode\u003e18d88b8\u003c/code\u003e\u003c/a\u003e Improve \u003ccode\u003e@​babel/core\u003c/code\u003e typings (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471\"\u003e#17471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a\"\u003e\u003ccode\u003e741cbd2\u003c/code\u003e\u003c/a\u003e chore: fix various typos across codebase (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476\"\u003e#17476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6\"\u003e\u003ccode\u003ecac0ff4\u003c/code\u003e\u003c/a\u003e v7.28.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.2/packages/babel-helpers\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/helpers\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `base-x` from 3.0.9 to 3.0.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/043a888a9bae09bc4b40500e37792e2c6398e9f2\"\u003e\u003ccode\u003e043a888\u003c/code\u003e\u003c/a\u003e 3.0.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/2705dddd2565b455641985974b534291d8defb31\"\u003e\u003ccode\u003e2705ddd\u003c/code\u003e\u003c/a\u003e [backport 3.x] Prohibit char codes that would overflow the \u003ccode\u003eBASE_MAP\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/3d43c0e16bfbc045a0a8bb6423e6e336df81b512\"\u003e\u003ccode\u003e3d43c0e\u003c/code\u003e\u003c/a\u003e 3.0.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/0a3544695fa6800649a8b78ed46cece61bcdbbe5\"\u003e\u003ccode\u003e0a35446\u003c/code\u003e\u003c/a\u003e Improve decoding performance\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cryptocoinjs/base-x/compare/v3.0.9...v3.0.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.0 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.12.0...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 5.1.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 5.2.0 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev5.2.1 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v5.1.0...v5.2.0\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/411\"\u003e#411\u003c/a\u003e Big performance improvement. Previously an O(n) array-copying operation inside the innermost loop of jsdiff's base diffing code increased the overall worst-case time complexity of computing a diff from O(n²) to O(n³). This is now fixed, bringing the worst-case time complexity down to what it theoretically should be for a Myers diff implementation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/448\"\u003e#448\u003c/a\u003e Performance improvement. Diagonals whose furthest-reaching D-path would go off the edge of the edit graph are now skipped, rather than being pointlessly considered as called for by the original Myers diff algorithm. This dramatically speeds up computing diffs where the new text just appends or truncates content at the end of the old text.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/351\"\u003e#351\u003c/a\u003e Importing from the lib folder - e.g. \u003ccode\u003erequire(\u0026quot;diff/lib/diff/word.js\u0026quot;)\u003c/code\u003e - will work again now. This had been broken for users on the latest version of Node since Node 17.5.0, which changed how Node interprets the \u003ccode\u003eexports\u003c/code\u003e property in jsdiff's \u003ccode\u003epackage.json\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/344\"\u003e#344\u003c/a\u003e \u003ccode\u003ediffLines\u003c/code\u003e, \u003ccode\u003ecreateTwoFilesPatch\u003c/code\u003e, and other patch-creation methods now take an optional \u003ccode\u003estripTrailingCr: true\u003c/code\u003e option which causes Windows-style \u003ccode\u003e\\r\\n\u003c/code\u003e line endings to be replaced with Unix-style \u003ccode\u003e\\n\u003c/code\u003e line endings before calculating the diff, just like GNU \u003ccode\u003ediff\u003c/code\u003e's \u003ccode\u003e--strip-trailing-cr\u003c/code\u003e flag.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/451\"\u003e#451\u003c/a\u003e Added \u003ccode\u003ediff.formatPatch\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/450\"\u003e#450\u003c/a\u003e Added \u003ccode\u003ediff.reversePatch\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/478\"\u003e#478\u003c/a\u003e Added \u003ccode\u003etimeout\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/b7b6339dea15baa636bebe7092ec1cbabf001dea\"\u003e\u003ccode\u003eb7b6339\u003c/code\u003e\u003c/a\u003e v5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/b5377abefc55cd424e82308515cfbdc4d53ad8a1\"\u003e\u003ccode\u003eb5377ab\u003c/code\u003e\u003c/a\u003e Update package version to 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/78017899c4c80d51db805b6e013079cadc6ed0ae\"\u003e\u003ccode\u003e7801789\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/042a8372f331ffd3d81b1e4b799409c7d944e6fd\"\u003e\u003ccode\u003e042a837\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/370a9df73e12f3f4f4f6f001ac19617c4f9c1052\"\u003e\u003ccode\u003e370a9df\u003c/code\u003e\u003c/a\u003e 5.2.0 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/a2f726abb9bcb01418b157e0eec0b722aef242a1\"\u003e\u003ccode\u003ea2f726a\u003c/code\u003e\u003c/a\u003e Add myself to the list of maintainers (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dfc6fe42b5b793f4d82bfc38f5e5a6f962e757bc\"\u003e\u003ccode\u003edfc6fe4\u003c/code\u003e\u003c/a\u003e Add examples to docs of creating and applying patches (importantly including ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/b5d1cfaa6da8bb759e6082b6164e01bba8b28810\"\u003e\u003ccode\u003eb5d1cfa\u003c/code\u003e\u003c/a\u003e Modify node_example.js to support showing added/deleted spaces (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/479\"\u003e#479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/533893d4e7d7431395cf3fb7962c19ccefba95f0\"\u003e\u003ccode\u003e533893d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/478\"\u003e#478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/1f1ec9672b3af4ec68abf6c8e52e8beddfae86a8\"\u003e\u003ccode\u003e1f1ec96\u003c/code\u003e\u003c/a\u003e Replace broken link to Myers's paper in the README with a working one (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/476\"\u003e#476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v5.1.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.3 to 4.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSummary update on all the previous releases from v4.2.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMultiple minor fixes provided in the validator and parser\u003c/li\u003e\n\u003cli\u003ev6 is added for experimental use.\u003c/li\u003e\n\u003cli\u003eignoreAttributes support function, and array of string or regex\u003c/li\u003e\n\u003cli\u003eAdd support for parsing HTML numeric entities\u003c/li\u003e\n\u003cli\u003ev5 of the application is ESM module now. However, JS is also supported\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: Release section in not updated frequently. Please check \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003eCHANGELOG\u003c/a\u003e or \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/tags\"\u003eTags\u003c/a\u003e for latest release information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fbb0bc95e753e03fe52cb0805a8774bba4bf28\"\u003e\u003ccode\u003e42fbb0b\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/805671cb6c19108b171b876cf3e8865f18cdb8fd\"\u003e\u003ccode\u003e805671c\u003c/code\u003e\u003c/a\u003e increase expansion limit as many system need it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a2cf097c2961d4ad878f618e39fb0a9f5a0e9e5\"\u003e\u003ccode\u003e9a2cf09\u003c/code\u003e\u003c/a\u003e update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221\"\u003e\u003ccode\u003e88d0936\u003c/code\u003e\u003c/a\u003e apply all fixes from v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d4eb6b4713a8d11e6730943392419040898ecbc0\"\u003e\u003ccode\u003ed4eb6b4\u003c/code\u003e\u003c/a\u003e update release version\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v4.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.2.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.6...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.1 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enpmignore temporary build files (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emove util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emigrate from travis to GHA\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2\"\u003ev3.0.2\u003c/a\u003e - 2024-10-10\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79\"\u003e\u003ccode\u003e8fdb3bc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] clean up ignores \u003ca href=\"https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440\"\u003e\u003ccode\u003e3217b3d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: move util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e) \u003ca href=\"https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac\"\u003e\u003ccode\u003eedb555a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for form-data since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `http-proxy-middleware` from 2.0.6 to 2.0.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases\"\u003ehttp-proxy-middleware's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097\"\u003echimurai/http-proxy-middleware#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.9 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099\"\u003echimurai/http-proxy-middleware#1099\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090\"\u003echimurai/http-proxy-middleware#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091\"\u003echimurai/http-proxy-middleware#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.8 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094\"\u003echimurai/http-proxy-middleware#1094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md\"\u003ehttp-proxy-middleware's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9\"\u003ev2.0.9\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8\"\u003ev2.0.8\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.7\"\u003ev2.0.7\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(github actions): add publish.yml\u003c/li\u003e\n\u003cli\u003efix(filter): handle errors\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/617a7c9da9cc90ecc00b0c8b1c2f6a385c879cb1\"\u003e\u003ccode\u003e617a7c9\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.9 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1099\"\u003e#1099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d22d58764832fea429d60109a19e1a23136d4425\"\u003e\u003ccode\u003ed22d587\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): check readableLength (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d03d51b54ac8d40db8438a8b216cf1ea92bb7849\"\u003e\u003ccode\u003ed03d51b\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.8 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1094\"\u003e#1094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/c50dd06d9102fbb81dd4cbad7a295dddee5f6e1e\"\u003e\u003ccode\u003ec50dd06\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): handle invalid request (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1091\"\u003e#1091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/76a9d8d6dc2b971f63df19d805c7ab656540525b\"\u003e\u003ccode\u003e76a9d8d\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): prevent multiple .write() calls (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/1e9233909839962bb3c1980848ad499b4757a71d\"\u003e\u003ccode\u003e1e92339\u003c/code\u003e\u003c/a\u003e ci(github-actions): fix npm tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/90afb7c9a658b32cc8fe0...\n\n_Description has been truncated_","html_url":"https://github.com/MetaMask/snap-simple-keyring/pull/174","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Fsnap-simple-keyring/issues/174","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/174/packages"},{"uuid":"4368385829","node_id":"PR_kwDORrxkis7XnbD7","number":1,"state":"open","title":"Bump the npm_and_yarn group across 6 directories with 29 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T07:59:24.000Z","updated_at":"2026-05-02T08:00:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":29,"packages":[{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.99.5","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the /weather-ai directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.3` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.5` | `5.106.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /webmcp-evals directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 5 updates in the /toxic-review-warning directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) | `2.12.0` | `2.16.4` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `3.0.6` | `3.1.2` |\n\nBumps the npm_and_yarn group with 4 updates in the /summary-of-summaries directory: [postcss](https://github.com/postcss/postcss), [rollup](https://github.com/rollup/rollup), [uuid](https://github.com/uuidjs/uuid) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /summarization-api-playground directory: [postcss](https://github.com/postcss/postcss), [rollup](https://github.com/rollup/rollup) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 6 updates in the /prompt-api-polyfill directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.13` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.5.6` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.3 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `on-headers` from 1.0.2 to 1.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/on-headers/releases\"\u003eon-headers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-7339\"\u003eCVE-2025-7339\u003c/a\u003e (\u003ca href=\"https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q\"\u003eGHSA-76c9-3jph-rj3q\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate CI pipeline to GitHub actions by \u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/12\"\u003ejshttp/on-headers#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix README.md badges by \u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/13\"\u003ejshttp/on-headers#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd OSSF scorecard action by \u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/14\"\u003ejshttp/on-headers#14\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use \u003ccode\u003eubuntu-latest\u003c/code\u003e as ci runner by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/19\"\u003ejshttp/on-headers#19\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: apply OSSF Scorecard security best practices by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/20\"\u003ejshttp/on-headers#20\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👷 add upstream change detection by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/31\"\u003ejshttp/on-headers#31\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ add script to update known hashes by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/32\"\u003ejshttp/on-headers#32\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e💚 update CI - add newer node versions by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/33\"\u003ejshttp/on-headers#33\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/12\"\u003ejshttp/on-headers#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/19\"\u003ejshttp/on-headers#19\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/31\"\u003ejshttp/on-headers#31\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0\"\u003ehttps://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/on-headers/blob/master/HISTORY.md\"\u003eon-headers's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.1.0 / 2025-07-17\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-7339\"\u003eCVE-2025-7339\u003c/a\u003e (\u003ca href=\"https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q\"\u003eGHSA-76c9-3jph-rj3q\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/4b017af88f5375bbdf3ad2ee732d2c122e4f52b0\"\u003e\u003ccode\u003e4b017af\u003c/code\u003e\u003c/a\u003e 1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/b636f2d08e6c1e0a784b53a13cd61e05c09bb118\"\u003e\u003ccode\u003eb636f2d\u003c/code\u003e\u003c/a\u003e ♻️ refactor header array code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/3e2c2d46c3e9592f6a1c3a3a1dbe622401f95d39\"\u003e\u003ccode\u003e3e2c2d4\u003c/code\u003e\u003c/a\u003e ✨ ignore falsy header keys, matching node behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/172eb41b99a5a290b27a2c43fe602ca33aa1c8ce\"\u003e\u003ccode\u003e172eb41\u003c/code\u003e\u003c/a\u003e ✨ support duplicate headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867\"\u003e\u003ccode\u003ec6e3849\u003c/code\u003e\u003c/a\u003e 🔒️ fix array handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/6893518341bb4e5363285df086b3158302d3b216\"\u003e\u003ccode\u003e6893518\u003c/code\u003e\u003c/a\u003e 💚 update CI - add newer node versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/56a345d82b51a0dcb8d09f061f87b1fd1dc4c01e\"\u003e\u003ccode\u003e56a345d\u003c/code\u003e\u003c/a\u003e ✨ add script to update known hashes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/175ab217155d525371a5416ff059f895a3a532a6\"\u003e\u003ccode\u003e175ab21\u003c/code\u003e\u003c/a\u003e 👷 add upstream change detection (\u003ca href=\"https://redirect.github.com/jshttp/on-headers/issues/31\"\u003e#31\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/ce0b2c8fcd313d38d3534fb731050dc16e105bf6\"\u003e\u003ccode\u003ece0b2c8\u003c/code\u003e\u003c/a\u003e ci: apply OSSF Scorecard security best practices (\u003ca href=\"https://redirect.github.com/jshttp/on-headers/issues/20\"\u003e#20\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/1a38c543e75cd06217b449531de10b1758e35299\"\u003e\u003ccode\u003e1a38c54\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003eubuntu-latest\u003c/code\u003e as ci runner (\u003ca href=\"https://redirect.github.com/jshttp/on-headers/issues/19\"\u003e#19\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for on-headers since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.7.1 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: ...\n\n_Description has been truncated_","html_url":"https://github.com/danielbodnar/web-ai-demos/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2Fweb-ai-demos/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4368309205","node_id":"PR_kwDORPlW787XnL58","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T07:26:55.000Z","updated_at":"2026-05-02T07:28:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":8,"packages":[{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.2.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.3","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.2.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.3` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.2.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.3 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.3...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 2.79.2 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/codewithaustin1/sharp-portfolio/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/codewithaustin1/sharp-portfolio/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/codewithaustin1%2Fsharp-portfolio/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4367910097","node_id":"PR_kwDOOjqxP87Xl-ih","number":10,"state":"open","title":"Bump the npm_and_yarn group across 8 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T04:30:09.000Z","updated_at":"2026-05-02T04:31:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"next","old_version":"12.2.0","new_version":"16.2.4","repository_url":"https://github.com/vercel/next.js"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"next-auth","old_version":"4.10.3","new_version":"4.24.12","repository_url":"https://github.com/nextauthjs/next-auth"},{"name":"@stablelib/ed25519","old_version":"1.0.2","new_version":"2.1.0","repository_url":"https://github.com/StableLib/stablelib"},{"name":"ajv","old_version":"8.11.0","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"bn.js","old_version":"5.2.1","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `12.2.0` | `16.2.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [next-auth](https://github.com/nextauthjs/next-auth) | `4.10.3` | `4.24.12` |\n| [@stablelib/ed25519](https://github.com/StableLib/stablelib) | `1.0.2` | `2.1.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.11.0` | `8.18.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `5.2.1` | `5.2.3` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/demo-issuer directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /packages/demo-revocation directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 2 updates in the /packages/demo-verifier directory: [next](https://github.com/vercel/next.js) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/e2e-demo directory: [next](https://github.com/vercel/next.js) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/solana directory: [bn.js](https://github.com/indutny/bn.js) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 2 updates in the /packages/verite directory: [uuid](https://github.com/uuidjs/uuid) and [@stablelib/ed25519](https://github.com/StableLib/stablelib).\nBumps the npm_and_yarn group with 1 update in the /packages/wallet directory: [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `next` from 12.2.0 to 16.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.4\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: fix filesystem watcher config not applying follow_symlinks(false) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92631\"\u003e#92631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eScope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92725\"\u003e#92725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92828\"\u003e#92828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Badbird5907\"\u003e\u003ccode\u003e@​Badbird5907\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukesandberg\"\u003e\u003ccode\u003e@​lukesandberg\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/andrewimm\"\u003e\u003ccode\u003e@​andrewimm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/mischnic\"\u003e\u003ccode\u003e@​mischnic\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.3\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see \u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e. The release does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure app-page reports stale ISR revalidation errors via onRequestError (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92282\"\u003e#92282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91981\"\u003e#91981\u003c/a\u003e through \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92273\"\u003e#92273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeduplicate output assets and detect content conflicts on emit (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92292\"\u003e#92292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix styled-jsx race condition: styles lost due to concurrent rendering (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92459\"\u003e#92459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks-backend: stability fixes for task cancellation and error handling (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92254\"\u003e#92254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/icyJoseph\"\u003e\u003ccode\u003e@​icyJoseph\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wbinnssmith\"\u003e\u003ccode\u003e@​wbinnssmith\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/eps1lon\"\u003e\u003ccode\u003e@​eps1lon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport: Move expanded adapters docs to API reference (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92115\"\u003e#92115\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92129\"\u003e#92129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBackport: TypeScript v6 deprecations for baseUrl and moduleResolution (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92130\"\u003e#92130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[create-next-app] Skip interactive prompts when CLI flags are provided (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91840\"\u003e#91840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003enext.config.js: Accept an option for serverFastRefresh (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91968\"\u003e#91968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: enable server HMR for app route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91466\"\u003e#91466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: exclude metadata routes from server HMR (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92034\"\u003e#92034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eBackport: disable bmi2 in qfilter \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92177\"\u003e#92177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] Fix CSS HMR on Safari (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92174\"\u003e#92174\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2275bd8598c88e8652d1271e74bcf972f72f4f38\"\u003e\u003ccode\u003e2275bd8\u003c/code\u003e\u003c/a\u003e v16.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/e07398321a37115626b0271697e51418db109cad\"\u003e\u003ccode\u003ee073983\u003c/code\u003e\u003c/a\u003e Adding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8a540b58b683bb79667d6e908d45df0e9e9c9f9c\"\u003e\u003ccode\u003e8a540b5\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2f5343fafb2052c59cf62018252b75da3e7d424a\"\u003e\u003ccode\u003e2f5343f\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2ad9d3fb58801adb7df87873fc299a4e9a5ab199\"\u003e\u003ccode\u003e2ad9d3f\u003c/code\u003e\u003c/a\u003e turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/6f3808e2043d168d4fb6fa3f9184e755076a16b0\"\u003e\u003ccode\u003e6f3808e\u003c/code\u003e\u003c/a\u003e Compiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fbc7684ecbd360da8af602e50780637fc79354d5\"\u003e\u003ccode\u003efbc7684\u003c/code\u003e\u003c/a\u003e Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/805d758d935beb0abbc70639c6af0fc9d839273b\"\u003e\u003ccode\u003e805d758\u003c/code\u003e\u003c/a\u003e Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/1056fae3565d88719ef41f5b05447ace75e26d7e\"\u003e\u003ccode\u003e1056fae\u003c/code\u003e\u003c/a\u003e chore: Bump reqwest to 0.13.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d5f649b2f4affdad1009cb178c1e3b37f4f1ad3f\"\u003e\u003ccode\u003ed5f649b\u003c/code\u003e\u003c/a\u003e v16.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v12.2.0...v16.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d61d6ac1f782cf6b1dd8661c60f11722cd49a0d\"\u003e3d61d6a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-auth` from 4.10.3 to 4.24.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/1f48cf7cbbc43517174cb47b4eb5dd402025c8b7\"\u003e\u003ccode\u003e1f48cf7\u003c/code\u003e\u003c/a\u003e chore(release): bump version [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/4758a2f1ff185c9759df0c558b03fe931920d0a5\"\u003e\u003ccode\u003e4758a2f\u003c/code\u003e\u003c/a\u003e ci: add \u003ccode\u003eworkflow_dispatch\u003c/code\u003e for release.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/d3aecfe1f150434e1cfff21c291277137266827a\"\u003e\u003ccode\u003ed3aecfe\u003c/code\u003e\u003c/a\u003e feat: add next 16 support (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/13303\"\u003e#13303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/82efcf81f218aae43683f8dd2f7c260ef69b3ece\"\u003e\u003ccode\u003e82efcf8\u003c/code\u003e\u003c/a\u003e fix: security issue from \u003ccode\u003enodemailer\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/13304\"\u003e#13304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/798c3d59274cddc5ad22d4a68c211736f0deb191\"\u003e\u003ccode\u003e798c3d5\u003c/code\u003e\u003c/a\u003e docs: update banner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/02d3480f8d8405af52eaa0cdc2f8f75bb7e8b4e8\"\u003e\u003ccode\u003e02d3480\u003c/code\u003e\u003c/a\u003e chore: remove clerk ads\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/7f88fa0ba97e7aab43c931dfe674e51748723da3\"\u003e\u003ccode\u003e7f88fa0\u003c/code\u003e\u003c/a\u003e chore: remove sponsors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/46e01af41fc028f22322f225f4f03c0dce069035\"\u003e\u003ccode\u003e46e01af\u003c/code\u003e\u003c/a\u003e chore(docs): update credentials.md app router route.js filename (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/13025\"\u003e#13025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/11939f2f70495c0408d0187dbfa0741fdd5916e6\"\u003e\u003ccode\u003e11939f2\u003c/code\u003e\u003c/a\u003e feat(core): add default cache control headers for GET endpoints (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/12627\"\u003e#12627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/918a6ac37beb766402940db64584df407668bbea\"\u003e\u003ccode\u003e918a6ac\u003c/code\u003e\u003c/a\u003e docs: Update FAQ with \u003ccode\u003eallowDangerousEmailAccountLinking\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/12586\"\u003e#12586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nextauthjs/next-auth/compare/next-auth@v4.10.3...next-auth@4.24.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~himself_65\"\u003ehimself_65\u003c/a\u003e, a new releaser for next-auth since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@stablelib/ed25519` from 1.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/66167351414c7d80aed1403906f3d648a4592375\"\u003e\u003ccode\u003e6616735\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/43db6a1fbc29484b98cf54a47f0583481875dbaf\"\u003e\u003ccode\u003e43db6a1\u003c/code\u003e\u003c/a\u003e Reject non-canonical public keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/fa3894ebbc157414f6f1636838875b770ff2f64e\"\u003e\u003ccode\u003efa3894e\u003c/code\u003e\u003c/a\u003e Reject non-canonical signatures to prevent malleability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/72336cc655704421d2433eaa2b22eb2a6b626196\"\u003e\u003ccode\u003e72336cc\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/7c27bd4988353b490fd29f51918e68257d7fec13\"\u003e\u003ccode\u003e7c27bd4\u003c/code\u003e\u003c/a\u003e utf8: throw when encoding lone surrogates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/99bee56f6af6211d037c35e3eef749f3c1e84502\"\u003e\u003ccode\u003e99bee56\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/6d8cbcd2558ce784e535a333106b46dd3c2e736a\"\u003e\u003ccode\u003e6d8cbcd\u003c/code\u003e\u003c/a\u003e Add file extensions to relative imports.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/771ba76c98586d626d4d0417dfe7b4ea6139e750\"\u003e\u003ccode\u003e771ba76\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/7f831e4474def2c2b8bfc9b91d386ab175871153\"\u003e\u003ccode\u003e7f831e4\u003c/code\u003e\u003c/a\u003e Ensure the secret key length is 64 bytes when signing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/ecfe9109b3c05419fd3ffc16da6c8255b08ad64f\"\u003e\u003ccode\u003eecfe910\u003c/code\u003e\u003c/a\u003e Add --no-ci to lerna bootstrap\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/StableLib/stablelib/compare/@stablelib/ed25519@1.0.2...@stablelib/ed25519@2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.11.0 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump version to 8.17.1 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2472\"\u003eajv-validator/ajv#2472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePlus everything in 8.17.0 which failed to release\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cp\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2444\"\u003eajv-validator/ajv#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\nfix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\ndocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\ndocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\nFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\ndocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\nfeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\nfix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\nfixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003eajv-validator/ajv#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2444\"\u003e#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003e#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9050ba1359fb87cd7c143f3c79513ea7624ea443\"\u003e\u003ccode\u003e9050ba1\u003c/code\u003e\u003c/a\u003e bump version to 8.17.1 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2472\"\u003e#2472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f7831b41c3a27064c6219f51a1e7371ffb582dfe\"\u003e\u003ccode\u003ef7831b4\u003c/code\u003e\u003c/a\u003e fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003e#2217\u003c/a\u003e - clarify custom keyword naming (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2457\"\u003e#2457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/a523784388a79ce65e42caf4d2731da36a94b386\"\u003e\u003ccode\u003ea523784\u003c/code\u003e\u003c/a\u003e fix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/595fe58e64e8d5fb8a50fd7a58f9e7f3bcca0bac\"\u003e\u003ccode\u003e595fe58\u003c/code\u003e\u003c/a\u003e feat: add test for encoded refs and bump fast-uri (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2449\"\u003e#2449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.11.0...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 5.2.1 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v5.2.1...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.0 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v5.2.1...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 12.3.7 to 16.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.4\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: fix filesystem watcher config not applying follow_symlinks(false) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92631\"\u003e#92631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eScope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92725\"\u003e#92725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92828\"\u003e#92828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Badbird5907\"\u003e\u003ccode\u003e@​Badbird5907\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukesandberg\"\u003e\u003ccode\u003e@​lukesandberg\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/andrewimm\"\u003e\u003ccode\u003e@​andrewimm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/mischnic\"\u003e\u003ccode\u003e@​mischnic\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.3\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see \u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e. The release does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure app-page reports stale ISR revalidation errors via onRequestError (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92282\"\u003e#92282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91981\"\u003e#91981\u003c/a\u003e through \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92273\"\u003e#92273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeduplicate output assets and detect content conflicts on emit (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92292\"\u003e#92292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix styled-jsx race condition: styles lost due to concurrent rendering (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92459\"\u003e#92459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks-backend: stability fixes for task cancellation and error handling (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92254\"\u003e#92254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/icyJoseph\"\u003e\u003ccode\u003e@​icyJoseph\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wbinnssmith\"\u003e\u003ccode\u003e@​wbinnssmith\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/eps1lon\"\u003e\u003ccode\u003e@​eps1lon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport: Move expanded adapters docs to API reference (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92115\"\u003e#92115\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92129\"\u003e#92129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBackport: TypeScript v6 deprecations for baseUrl and moduleResolution (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92130\"\u003e#92130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[create-next-app] Skip interactive prompts when CLI flags are provided (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91840\"\u003e#91840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003enext.config.js: Accept an option for serverFastRefresh (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91968\"\u003e#91968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: enable server HMR for app route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91466\"\u003e#91466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: exclude metadata routes from server HMR (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92034\"\u003e#92034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eBackport: disable bmi2 in qfilter \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92177\"\u003e#92177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] Fix CSS HMR on Safari (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92174\"\u003e#92174\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2275bd8598c88e8652d1271e74bcf972f72f4f38\"\u003e\u003ccode\u003e2275bd8\u003c/code\u003e\u003c/a\u003e v16.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/e07398321a37115626b0271697e51418db109cad\"\u003e\u003ccode\u003ee073983\u003c/code\u003e\u003c/a\u003e Adding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8a540b58b683bb79667d6e908d45df0e9e9c9f9c\"\u003e\u003ccode\u003e8a540b5\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2f5343fafb2052c59cf62018252b75da3e7d424a\"\u003e\u003ccode\u003e2f5343f\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2ad9d3fb58801adb7df87873fc299a4e9a5ab199\"\u003e\u003ccode\u003e2ad9d3f\u003c/code\u003e\u003c/a\u003e turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/6f3808e2043d168d4fb6fa3f9184e755076a16b0\"\u003e\u003ccode\u003e6f3808e\u003c/code\u003e\u003c/a\u003e Compiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fbc7684ecbd360da8af602e50780637fc79354d5\"\u003e\u003ccode\u003efbc7684\u003c/code\u003e\u003c/a\u003e Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/805d758d935beb0abbc70639c6af0fc9d839273b\"\u003e\u003ccode\u003e805d758\u003c/code\u003e\u003c/a\u003e Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/1056fae3565d88719ef41f5b05447ace75e26d7e\"\u003e\u003ccode\u003e1056fae\u003c/code\u003e\u003c/a\u003e chore: Bump reqwest to 0.13.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d5f649b2f4affdad1009cb178c1e3b37f4f1ad3f\"\u003e\u003ccode\u003ed5f649b\u003c/code\u003e\u003c/a\u003e v16.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v12.2.0...v16.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 12.3.7 to 16.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.4\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: fix filesystem watcher config not applying follow_symlinks(false) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92631\"\u003e#92631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eScope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92725\"\u003e#92725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92828\"\u003e#92828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Badbird5907\"\u003e\u003ccode\u003e@​Badbird5907\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukesandberg\"\u003e\u003ccode\u003e@​lukesandberg\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/andrewimm\"\u003e\u003ccode\u003e@​andrewimm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/mischnic\"\u003e\u003ccode\u003e@​mischnic\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.3\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see \u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e. The release does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure app-page reports stale ISR revalidation errors via onRequestError (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92282\"\u003e#92282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91981\"\u003e#91981\u003c/a\u003e through \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92273\"\u003e#92273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeduplicate output assets and detect content conflicts on emit (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92292\"\u003e#92292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix styled-jsx race condition: styles lost due to concurrent rendering (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92459\"\u003e#92459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks-backend: stability fixes for task cancellation and error handling (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92254\"\u003e#92254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/icyJoseph\"\u003e\u003ccode\u003e@​icyJoseph\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wbinnssmith\"\u003e\u003ccode\u003e@​wbinnssmith\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/eps1lon\"\u003e\u003ccode\u003e@​eps1lon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport: Move expanded adapters docs to API reference (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92115\"\u003e#92115\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92129\"\u003e#92129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBackport: TypeScript v6 deprecations for baseUrl and moduleResolution (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92130\"\u003e#92130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[create-next-app] Skip interactive prompts when CLI flags are provided (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91840\"\u003e#91840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003enext.config.js: Accept an option for serverFastRefresh (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91968\"\u003e#91968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: enable server HMR for app route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91466\"\u003e#91466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: exclude metadata routes from server HMR (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92034\"\u003e#92034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eBackport: disable bmi2 in qfilter \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92177\"\u003e#92177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] Fix CSS HMR on Safari (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92174\"\u003e#92174\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2275bd8598c88e8652d1271e74bcf972f72f4f38\"\u003e\u003ccode\u003e2275bd8\u003c/code\u003e\u003c/a\u003e v16.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/e07398321a37115626b0271697e51418db109cad\"\u003e\u003ccode\u003ee073983\u003c/code\u003e\u003c/a\u003e Adding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8a540b58b683bb79667d6e908d45df0e9e9c9f9c\"\u003e\u003ccode\u003e8a540b5\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2f5343fafb2052c59cf62018252b75da3e7d424a\"\u003e\u003ccode\u003e2f5343f\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error for ChunkGroupInfo::ge...\n\n_Description has been truncated_","html_url":"https://github.com/Emadalshamery/verite/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Emadalshamery%2Fverite/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"},{"uuid":"4346354784","node_id":"PR_kwDOLmvpg87Wfzg_","number":4,"state":"closed","title":"Bump the npm_and_yarn group across 2 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T03:57:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-28T21:30:16.000Z","updated_at":"2026-05-09T03:57:51.000Z","time_to_close":887253,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"@babel/helpers","old_version":"7.24.0","new_version":"7.29.2","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"ajv","old_version":"8.12.0","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"braces","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/micromatch/braces"},{"name":"cross-spawn","old_version":"7.0.3","new_version":"7.0.6","repository_url":"https://github.com/moxystudio/node-cross-spawn"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.3","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.1","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"micromatch","old_version":"4.0.5","new_version":"4.0.8","repository_url":"https://github.com/micromatch/micromatch"},{"name":"nanoid","old_version":"3.3.7","new_version":"3.3.11","repository_url":"https://github.com/ai/nanoid"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.4.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.90.3","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"},{"name":"ws","old_version":"8.16.0","new_version":"8.20.0","repository_url":"https://github.com/websockets/ws"},{"name":"ws","old_version":"7.5.9","new_version":"7.5.10","repository_url":"https://github.com/websockets/ws"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /evaluation/regression/cases/react-todo/outputs/langchains_agent/workspace/todo-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.24.0` | `7.29.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.12.0` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.3` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.1` | `2.8.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.90.3` | `5.106.2` |\n| [ws](https://github.com/websockets/ws) | `8.16.0` | `8.20.0` |\n| [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` |\n\nBumps the npm_and_yarn group with 17 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.24.0` | `7.29.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `removed` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.38` | `8.5.12` |\n| [rollup](https://github.com/rollup/rollup) | `4.13.0` | `4.60.2` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.1.6` | `8.0.10` |\n| [prismjs](https://github.com/PrismJS/prism) | `1.27.0` | `1.30.0` |\n\n\nUpdates `@babel/helpers` from 7.24.0 to 7.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e\u003ccode\u003e@​babel/helpers\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17789\"\u003e#17789\u003c/a\u003e [7.x backport] preset-env include/exclude should accept bugfix plugins (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17813\"\u003e#17813\u003c/a\u003e chore: update eslint peer deps (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.1 (2026-02-04)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17771\"\u003e#17771\u003c/a\u003e [7.x backport] fix: ensure \u003ccode\u003etargets.esmodules\u003c/code\u003e is validated (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17776\"\u003e#17776\u003c/a\u003e [7.x backport] Fix undefined when 64 indents (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/1c0a08d95ae7e1c788c7e1ae3a10ee53f7c86864\"\u003e\u003ccode\u003e1c0a08d\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17805\"\u003e#17805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23\"\u003e\u003ccode\u003ec1b55f6\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eeslint.config.mts\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573\"\u003e#17573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c\"\u003e\u003ccode\u003e18d88b8\u003c/code\u003e\u003c/a\u003e Improve \u003ccode\u003e@​babel/core\u003c/code\u003e typings (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471\"\u003e#17471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a\"\u003e\u003ccode\u003e741cbd2\u003c/code\u003e\u003c/a\u003e chore: fix various typos across codebase (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476\"\u003e#17476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6\"\u003e\u003ccode\u003ecac0ff4\u003c/code\u003e\u003c/a\u003e v7.28.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.2/packages/babel-helpers\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/helpers\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.12.0 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `braces` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d\"\u003e\u003ccode\u003e74b2db2\u003c/code\u003e\u003c/a\u003e 3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e\"\u003e\u003ccode\u003e88f1429\u003c/code\u003e\u003c/a\u003e update eslint. lint, fix unit tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff\"\u003e\u003ccode\u003e415d660\u003c/code\u003e\u003c/a\u003e Snyk js braces 6838727 (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6\"\u003e\u003ccode\u003e190510f\u003c/code\u003e\u003c/a\u003e fix tests, skip 1 test in test/braces.expand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856\"\u003e\u003ccode\u003e716eb9f\u003c/code\u003e\u003c/a\u003e readme bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3\"\u003e\u003ccode\u003ea5851e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/braces/issues/37\"\u003e#37\u003c/a\u003e from coderaiser/fix/vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538\"\u003e\u003ccode\u003e2092bd1\u003c/code\u003e\u003c/a\u003e feature: braces: add maxSymbols (\u003ca href=\"https://github.com/micromatch/braces/issues/\"\u003ehttps://github.com/micromatch/braces/issues/\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3\"\u003e\u003ccode\u003e9f5b4cf\u003c/code\u003e\u003c/a\u003e fix: vulnerability (\u003ca href=\"https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\"\u003ehttps://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d\"\u003e\u003ccode\u003e98414f9\u003c/code\u003e\u003c/a\u003e remove funding file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14\"\u003e\u003ccode\u003e665ab5d\u003c/code\u003e\u003c/a\u003e update keepEscaping doc (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/braces/compare/3.0.2...3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cross-spawn` from 7.0.3 to 7.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md\"\u003ecross-spawn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.5...v7.0.6\"\u003e7.0.6\u003c/a\u003e (2024-11-18)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate cross-spawn version to 7.0.5 in package-lock.json (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003ef700743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.4...v7.0.5\"\u003e7.0.5\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix escaping bug introduced by backtracking (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e640d391\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.4\"\u003e7.0.4\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edisable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e) (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e5ff3a07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/77cd97f3ca7b62c904a63a698fc4a79bf41977d0\"\u003e\u003ccode\u003e77cd97f\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/6717de49ff1e5de49622488dcb9c33fb25370c85\"\u003e\u003ccode\u003e6717de4\u003c/code\u003e\u003c/a\u003e chore: upgrade standard-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003e\u003ccode\u003ef700743\u003c/code\u003e\u003c/a\u003e fix: update cross-spawn version to 7.0.5 in package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9a7e3b2165917367f74b8365faad9873b30d7263\"\u003e\u003ccode\u003e9a7e3b2\u003c/code\u003e\u003c/a\u003e chore: fix build status badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/085268352dcbcad8064c64c5efb25268b4023184\"\u003e\u003ccode\u003e0852683\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e\u003ccode\u003e640d391\u003c/code\u003e\u003c/a\u003e fix: fix escaping bug introduced by backtracking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/bff0c87c8b627c4e6d04ec2449e733048bebb464\"\u003e\u003ccode\u003ebff0c87\u003c/code\u003e\u003c/a\u003e chore: remove codecov\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/a7c6abc6fee79641d45b452fe6217deaa1bd0973\"\u003e\u003ccode\u003ea7c6abc\u003c/code\u003e\u003c/a\u003e chore: replace travis with github workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9b9246e0969e86656d7ccd527716bc3c18842a19\"\u003e\u003ccode\u003e9b9246e\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e\u003ccode\u003e5ff3a07\u003c/code\u003e\u003c/a\u003e fix: disable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.3 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.6...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.1 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enpmignore temporary build files (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emove util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emigrate from travis to GHA\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2\"\u003ev3.0.2\u003c/a\u003e - 2024-10-10\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79\"\u003e\u003ccode\u003e8fdb3bc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] clean up ignores \u003ca href=\"https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440\"\u003e\u003ccode\u003e3217b3d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: move util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e) \u003ca href=\"https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac\"\u003e\u003ccode\u003eedb555a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for form-data since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `micromatch` from 4.0.5 to 4.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/releases\"\u003emicromatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.8\u003c/h2\u003e\n\u003cp\u003eUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md\"\u003emicromatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.8] - 2024-08-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.7] - 2024-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ethis is basically v4.0.5, with some README updates\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eit is vulnerable to CVE-2024-4067\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eUpdated braces to v3.0.3 to avoid CVE-2024-4068\u003c/li\u003e\n\u003cli\u003edoes NOT break API compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.6] - 2024-05-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ehasBraces\u003c/code\u003e to check if a pattern contains braces.\u003c/li\u003e\n\u003cli\u003eFixes CVE-2024-4067\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKS API COMPATIBILITY\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eShould be labeled as a major release, but it's not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920\"\u003e\u003ccode\u003e8bd704e\u003c/code\u003e\u003c/a\u003e 4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a\"\u003e\u003ccode\u003ea0e6841\u003c/code\u003e\u003c/a\u003e run verb to generate README documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a\"\u003e\u003ccode\u003e4ec2884\u003c/code\u003e\u003c/a\u003e Merge branch 'v4' into hauserkristof-feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\"\u003e\u003ccode\u003e03aa805\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/micromatch/issues/266\"\u003e#266\u003c/a\u003e from hauserkristof/feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8\"\u003e\u003ccode\u003e814f5f7\u003c/code\u003e\u003c/a\u003e lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae\"\u003e\u003ccode\u003e67fcce6\u003c/code\u003e\u003c/a\u003e fix: CHANGELOG about braces \u0026amp; CVE-2024-4068, v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30\"\u003e\u003ccode\u003e113f2e3\u003c/code\u003e\u003c/a\u003e fix: CVE numbers in CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f\"\u003e\u003ccode\u003ed9dbd9a\u003c/code\u003e\u003c/a\u003e feat: updated CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e\"\u003e\u003ccode\u003e2ab1315\u003c/code\u003e\u003c/a\u003e fix: use actions/setup-node@v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce\"\u003e\u003ccode\u003e1406ea3\u003c/code\u003e\u003c/a\u003e feat: rework test to work on macos with node 10,12 and 14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nanoid` from 3.3.7 to 3.3.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ai/nanoid/releases\"\u003enanoid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.3.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support (by \u003ca href=\"https://github.com/steida\"\u003e\u003ccode\u003e@​steida\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced npm package size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ai/nanoid/blob/main/CHANGELOG.md\"\u003enanoid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.3.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support (by \u003ca href=\"https://github.com/steida\"\u003e\u003ccode\u003e@​steida\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced npm package size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a way to break Nano ID by passing non-integer size (by \u003ca href=\"https://github.com/myndzi\"\u003e\u003ccode\u003e@​myndzi\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/37289ceee51a3194a1f121a1e5d2bbb864076b74\"\u003e\u003ccode\u003e37289ce\u003c/code\u003e\u003c/a\u003e Release 3.3.11 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/23690b77719ec8043c2509d28c1d74b0e2295b75\"\u003e\u003ccode\u003e23690b7\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/c147962de7f5da3311a0e731030a28f49c5266a3\"\u003e\u003ccode\u003ec147962\u003c/code\u003e\u003c/a\u003e Fix RN support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/a83734e28fa071f51fe3614a5fb891f08a4b91b2\"\u003e\u003ccode\u003ea83734e\u003c/code\u003e\u003c/a\u003e Move to manually ESM/CJS dual package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/bb12e8a6f9c37ebe0b5ff2c697b8f9dcf34c8948\"\u003e\u003ccode\u003ebb12e8a\u003c/code\u003e\u003c/a\u003e Release 3.3.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/8f44264cd724080447f40620974163f1daca4612\"\u003e\u003ccode\u003e8f44264\u003c/code\u003e\u003c/a\u003e Fix Expo support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/adf9b0c05eeeebbbf391c16bbd93da2fc275e235\"\u003e\u003ccode\u003eadf9b0c\u003c/code\u003e\u003c/a\u003e Release 3.3.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/1c6f08825b4f17c4462bd1c19dbc3f1c5626b76f\"\u003e\u003ccode\u003e1c6f088\u003c/code\u003e\u003c/a\u003e Remove dev file from npm package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/3044cd5e73f4cf31795f61f6e6b961c8c0a5c744\"\u003e\u003ccode\u003e3044cd5\u003c/code\u003e\u003c/a\u003e Release 3.3.8 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/4fe34959c34e5b3573889ed4f24fe91d1d3e7231\"\u003e\u003ccode\u003e4fe3495\u003c/code\u003e\u003c/a\u003e Update size limit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ai/nanoid/compare/3.3.7...3.3.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signatu...\n\n_Description has been truncated_","html_url":"https://github.com/halilertekin/OpenDevin/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/halilertekin%2FOpenDevin/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"},{"uuid":"4328824649","node_id":"PR_kwDOSLpcPc7VoDsa","number":52,"state":"closed","title":"Bump jsonpath from 1.1.1 to 1.3.0 in /frontend","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T18:38:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T17:46:33.000Z","updated_at":"2026-04-25T18:39:00.000Z","time_to_close":3140,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"}],"path":"/frontend","ecosystem":"npm"},"body":"Bumps [jsonpath](https://github.com/dchester/jsonpath) from 1.1.1 to 1.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jsonpath\u0026package-manager=npm_and_yarn\u0026previous-version=1.1.1\u0026new-version=1.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Zintradev/ML-Threat-Dashboard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Zintradev/ML-Threat-Dashboard/pull/52","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zintradev%2FML-Threat-Dashboard/issues/52","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/52/packages"},{"uuid":"4328627121","node_id":"PR_kwDOSLpcPc7Vnc38","number":39,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T16:40:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T16:20:23.000Z","updated_at":"2026-04-25T16:40:08.000Z","time_to_close":1177,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"axios","old_version":"1.12.2","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.102.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.12.2` | `1.15.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.102.0` | `5.106.2` |\n\n\nUpdates `axios` from 1.12.2 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 alignment and \u003ccode\u003emain\u003c/code\u003e entry compatibility fix).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Features:\u003c/strong\u003e No new end-user features were introduced in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTest Coverage Expansion:\u003c/strong\u003e Added broader smoke/module test coverage for CJS and ESM package usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7510\"\u003e#7510\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Trim trailing CRLF in normalised header values. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7456\"\u003e#7456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2:\u003c/strong\u003e Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7457\"\u003e#7457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Cancel \u003ccode\u003eReadableStream\u003c/code\u003e created during request-stream capability probing to prevent async resource leaks. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7515\"\u003e#7515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed env proxy behavior with \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7499\"\u003e#7499\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 - April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.14.0 - March 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the \u003ccode\u003eformidable\u003c/code\u003e dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormidable Vulnerability:\u003c/strong\u003e Upgraded \u003ccode\u003eformidable\u003c/code\u003e from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7533\"\u003e#7533\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.12.2...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c6630337...\n\n_Description has been truncated_","html_url":"https://github.com/Zintradev/ML-Threat-Dashboard/pull/39","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zintradev%2FML-Threat-Dashboard/issues/39","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39/packages"},{"uuid":"4328024647","node_id":"PR_kwDOSLpcPc7VlqRN","number":2,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T12:30:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T11:57:32.000Z","updated_at":"2026-04-25T12:30:43.000Z","time_to_close":1981,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"axios","old_version":"1.12.2","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"react-router","old_version":"7.9.3","new_version":"7.14.2","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.102.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the /frontend/ml-threat-dashboard directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.12.2` | `1.15.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.9.3` | `7.14.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.102.0` | `5.106.2` |\n\n\nUpdates `axios` from 1.12.2 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 alignment and \u003ccode\u003emain\u003c/code\u003e entry compatibility fix).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Features:\u003c/strong\u003e No new end-user features were introduced in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTest Coverage Expansion:\u003c/strong\u003e Added broader smoke/module test coverage for CJS and ESM package usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7510\"\u003e#7510\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Trim trailing CRLF in normalised header values. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7456\"\u003e#7456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2:\u003c/strong\u003e Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7457\"\u003e#7457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Cancel \u003ccode\u003eReadableStream\u003c/code\u003e created during request-stream capability probing to prevent async resource leaks. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7515\"\u003e#7515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed env proxy behavior with \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7499\"\u003e#7499\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 - April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.14.0 - March 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the \u003ccode\u003eformidable\u003c/code\u003e dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormidable Vulnerability:\u003c/strong\u003e Upgraded \u003ccode\u003eformidable\u003c/code\u003e from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7533\"\u003e#7533\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.12.2...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb4...\n\n_Description has been truncated_","html_url":"https://github.com/Zintradev/ML-Threat-Dashboard/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zintradev%2FML-Threat-Dashboard/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}],"issue_packages":[{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-31T23:39:45.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4559388419","node_id":"PR_kwDOOQ8rRs7hLKGw","number":26,"state":"open","title":"Bump jsonpath from 1.1.1 to 1.3.0","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-31T23:39:45.000Z","updated_at":"2026-05-31T23:42:34.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"}],"path":null,"ecosystem":"npm"},"body":"Bumps [jsonpath](https://github.com/dchester/jsonpath) from 1.1.1 to 1.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jsonpath\u0026package-manager=npm_and_yarn\u0026previous-version=1.1.1\u0026new-version=1.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/dlep17/fsl-index/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/dlep17/fsl-index/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dlep17%2Ffsl-index/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-28T01:11:03.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4536885356","node_id":"PR_kwDONp4dDM7gDViV","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-28T01:11:03.000Z","updated_at":"2026-05-28T01:11:31.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"axios","old_version":"1.7.9","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"postcss","old_version":"8.5.0","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/helpers","old_version":"7.26.0","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.25.9","new_version":"7.29.7","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"form-data","old_version":"3.0.2","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.15","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.5","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.2","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"http-proxy-middleware","old_version":"2.0.7","new_version":"2.0.9","repository_url":"https://github.com/chimurai/http-proxy-middleware"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.0","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"react-router","old_version":"7.1.1","new_version":"7.15.1","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.97.1","new_version":"5.107.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.7.9` | `1.15.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.0` | `8.5.10` |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.0` | `7.29.7` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.7` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.2` | `3.0.4` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.15` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.5` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.7` | `2.0.9` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.9.0` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.1.1` | `7.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.2` |\n\n\nUpdates `axios` from 1.7.9 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.9...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.0 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.4.49\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax without \u003ccode\u003esource.offset\u003c/code\u003e (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.0...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/helpers` from 7.26.0 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/1c0a08d95ae7e1c788c7e1ae3a10ee53f7c86864\"\u003e\u003ccode\u003e1c0a08d\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17805\"\u003e#17805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23\"\u003e\u003ccode\u003ec1b55f6\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eeslint.config.mts\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573\"\u003e#17573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c\"\u003e\u003ccode\u003e18d88b8\u003c/code\u003e\u003c/a\u003e Improve \u003ccode\u003e@​babel/core\u003c/code\u003e typings (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471\"\u003e#17471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a\"\u003e\u003ccode\u003e741cbd2\u003c/code\u003e\u003c/a\u003e chore: fix various typos across codebase (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476\"\u003e#17476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-helpers\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/helpers\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.25.9 to 7.29.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.7 (2026-05-25)\u003c/h2\u003e\n\u003cp\u003eRe-release all packages with npm provenance attestations\u003c/p\u003e\n\u003ch2\u003ev7.29.6 (2026-05-25)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18014\"\u003e#18014\u003c/a\u003e Catchup source map position in preserveFormat (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/18001\"\u003e#18001\u003c/a\u003e [7.x packport]Improve input source map handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-core\u003c/code\u003e, \u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17998\"\u003e#17998\u003c/a\u003e Preserve original identifier names from input sourcemaps (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17992\"\u003e#17992\u003c/a\u003e) (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 3\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMateusz Burzyński (\u003ca href=\"https://github.com/Andarist\"\u003e\u003ccode\u003e@​Andarist\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.5 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:house:  Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@babel/*\u003c/code\u003e dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/4fba7541180bf5f58256d8e358b544e3831ad090\"\u003e\u003ccode\u003e4fba754\u003c/code\u003e\u003c/a\u003e v7.29.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.2 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.15\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.15\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBackport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)  0b09384\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.14...v1.1.15\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2203f4f4895eba16c4d408b4219ce1b8e5f6ff24\"\u003e\u003ccode\u003e2203f4f\u003c/code\u003e\u003c/a\u003e 1.1.15\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0b0938410732370559704230724ca4a44d1b29fd\"\u003e\u003ccode\u003e0b09384\u003c/code\u003e\u003c/a\u003e Backport v5.0.6 change to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/111\"\u003e#111\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.5 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.5...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c...\n\n_Description has been truncated_","html_url":"https://github.com/sam1am/auth-boilerplate/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/sam1am%2Fauth-boilerplate/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-23T07:45:38.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4507370312","node_id":"PR_kwDOL03oAc7elLdW","number":2,"state":"open","title":"Bump the npm_and_yarn group across 2 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T07:45:38.000Z","updated_at":"2026-05-23T07:46:54.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"qs","old_version":"6.14.0","new_version":"6.15.2","repository_url":"https://github.com/ljharb/qs"},{"name":"axios","old_version":"1.12.0","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"multer","old_version":"2.0.2","new_version":"2.1.1","repository_url":"https://github.com/expressjs/multer"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.24.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.3","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.4.2","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"react-router","old_version":"6.23.0","new_version":"6.30.3","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.103.0","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 3 updates in the / directory: [uuid](https://github.com/uuidjs/uuid), [path-to-regexp](https://github.com/pillarjs/path-to-regexp) and [qs](https://github.com/ljharb/qs).\nBumps the npm_and_yarn group with 19 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [qs](https://github.com/ljharb/qs) | `6.14.0` | `6.15.2` |\n| [axios](https://github.com/axios/axios) | `1.12.0` | `1.15.2` |\n| [multer](https://github.com/expressjs/multer) | `2.0.2` | `2.1.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.24.1` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.3` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.2` | `2.9.0` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `6.23.0` | `6.30.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.103.0` | `5.107.1` |\n\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.2\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.1...v13.0.2\"\u003e13.0.2\u003c/a\u003e (2026-05-04)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ererelease to fix provenance. (\u003ca href=\"https://github.com/uuidjs/uuid/commit/49ccb35f78c0c4ce1409dd2f1d89f83caadba10b\"\u003e49ccb35\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.14.0 to 6.15.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + \u003ccode\u003eencodeValuesOnly\u003c/code\u003e instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashing in \u003ccode\u003eencoder\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/530\"\u003e#530\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] fix grammar (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/550\"\u003e#550\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9aca4076fe788338c67cf7e115f0be6bc58d85a8\"\u003e\u003ccode\u003e9aca407\u003c/code\u003e\u003c/a\u003e v6.15.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/5e33d33447ed0bf1ddab9abc41d27dea4687d992\"\u003e\u003ccode\u003e5e33d33\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/21f80b33e5c8b3f7eba1034fff0da4a4a37a1d41\"\u003e\u003ccode\u003e21f80b3\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined entries in \u003ccode\u003earrayFormat: 'comma'\u003c/code\u003e + `e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a0a81ea2071acce3eff41a040f719ac8f5c4f64c\"\u003e\u003ccode\u003ea0a81ea\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: use configured \u003ccode\u003edelimiter\u003c/code\u003e after \u003ccode\u003echarsetSentinel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/e3062f78f5233b338ceeb8e8dfa5a07dea4b32a8\"\u003e\u003ccode\u003ee3062f7\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: apply \u003ccode\u003eformatter\u003c/code\u003e to encoded key under \u003ccode\u003estrictNullHandling\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/0c180a40adb8c6703fffc85b2ff06ca209f5c1e0\"\u003e\u003ccode\u003e0c180a4\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003estringify\u003c/code\u003e: skip null/undefined filter-array entries instead of crashi...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3a8b94aec19bd664720f6f6b1e66c4a0dfe4b656\"\u003e\u003ccode\u003e3a8b94a\u003c/code\u003e\u003c/a\u003e [Tests] add regression tests for keys containing percent-encoded bracket text\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/96755abd357c0e534dd3442a84a04d08864bfe0d\"\u003e\u003ccode\u003e96755ab\u003c/code\u003e\u003c/a\u003e [readme] fix grammar\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/a419ce5bbfcdb98a299f1a0bb47ea055baef20e6\"\u003e\u003ccode\u003ea419ce5\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: handle nested bracket groups and add regression tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.14.0...v6.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.12.0 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.12.0...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `multer` from 2.0.2 to 2.1.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/releases\"\u003emulter's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.1.1\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add node version to 25.x in CI by \u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump coverallsapp/github-action from 1.2.5 to 2.3.6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1377\"\u003eexpressjs/multer#1377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1376\"\u003eexpressjs/multer#1376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1375\"\u003eexpressjs/multer#1375\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4.1.1 to 6.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1374\"\u003eexpressjs/multer#1374\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix error/abort handling by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1373\"\u003eexpressjs/multer#1373\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e2.1.1 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1380\"\u003eexpressjs/multer#1380\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/imangas\"\u003e\u003ccode\u003e@​imangas\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1372\"\u003eexpressjs/multer#1372\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1378\"\u003eexpressjs/multer#1378\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\"\u003ehttps://github.com/expressjs/multer/compare/v2.1.0...v2.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: add funding to package.json by \u003ca href=\"https://github.com/bjohansebas\"\u003e\u003ccode\u003e@​bjohansebas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1346\"\u003eexpressjs/multer#1346\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop mkdirp dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop object-assign dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1351\"\u003eexpressjs/multer#1351\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: drop xtend dependency by \u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1352\"\u003eexpressjs/multer#1352\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(gitignore): ignore .nyc_output directory by \u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-vi.md regarding file upload by \u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix typo in README-pt-br.md for array method by \u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eheaders-support-utf8 by \u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd Turkish translation (README-tr.md) by \u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRelease: 2.1.0 by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1371\"\u003eexpressjs/multer#1371\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/wojtekmaj\"\u003e\u003ccode\u003e@​wojtekmaj\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1350\"\u003eexpressjs/multer#1350\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ShubhamOulkar\"\u003e\u003ccode\u003e@​ShubhamOulkar\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1332\"\u003eexpressjs/multer#1332\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Kunniii\"\u003e\u003ccode\u003e@​Kunniii\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1366\"\u003eexpressjs/multer#1366\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/matheushbm192\"\u003e\u003ccode\u003e@​matheushbm192\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1367\"\u003eexpressjs/multer#1367\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Doc999tor\"\u003e\u003ccode\u003e@​Doc999tor\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003eexpressjs/multer#1210\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Sabandogan\"\u003e\u003ccode\u003e@​Sabandogan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1360\"\u003eexpressjs/multer#1360\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\"\u003ehttps://github.com/expressjs/multer/compare/v2.0.2...v2.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/expressjs/multer/blob/main/CHANGELOG.md\"\u003emulter's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.1.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3520\"\u003eCVE-2026-3520\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2\"\u003eGHSA-5528-5vmv-3xc2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix error/abort handling\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003edefParamCharset\u003c/code\u003e option for UTF-8 filename support (\u003ca href=\"https://redirect.github.com/expressjs/multer/pull/1210\"\u003e#1210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-2359\"\u003eCVE-2026-2359\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc\"\u003eGHSA-v52c-386h-88mc\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-3304\"\u003eCVE-2026-3304\u003c/a\u003e (\u003ca href=\"https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p\"\u003eGHSA-xf7r-hgr6-v32p\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/368c8a10cca11854cf17c24029fefd1eafb1c059\"\u003e\u003ccode\u003e368c8a1\u003c/code\u003e\u003c/a\u003e 2.1.1 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1380\"\u003e#1380\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752\"\u003e\u003ccode\u003e7e66481\u003c/code\u003e\u003c/a\u003e 🐛 fix recursion issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/643571ef85e9db94b87a777773f4d67156f82a3e\"\u003e\u003ccode\u003e643571e\u003c/code\u003e\u003c/a\u003e ✅ add explicit test for client able to send body without abrupt disconnect\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/e86fa523753f8d54ad0687bf52fb20044b6fa309\"\u003e\u003ccode\u003ee86fa52\u003c/code\u003e\u003c/a\u003e fix error/abort handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/ca37779bf1f531a70af9977805380d0f51d293e2\"\u003e\u003ccode\u003eca37779\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/checkout from 4.1.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1374\"\u003e#1374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/13088f41e3bf8c3fc21d8c2867ffafb42470ed09\"\u003e\u003ccode\u003e13088f4\u003c/code\u003e\u003c/a\u003e chore(deps): bump actions/upload-artifact from 4.5.0 to 7.0.0 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1375\"\u003e#1375\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/multer/commit/bc6a1d1374f7ddc9baf9d22bf7c30f831c621e3a\"\u003e\u003ccode\u003ebc6a1d1\u003c/code\u003e\u003c/a\u003e chore(deps): bump github/codeql-action from 3.24.7 to 4.32.4 (\u003ca href=\"https://redirect.github.com/expressjs/multer/issues/1376\"\u003e#1376\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/expressjs/...\n\n_Description has been truncated_","html_url":"https://github.com/rorymclaughlin432/admin-dashboard-charts/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/rorymclaughlin432%2Fadmin-dashboard-charts/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T22:43:48.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4505962056","node_id":"PR_kwDOMokASM7eg0_2","number":32,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 12 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T00:13:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T22:43:48.000Z","updated_at":"2026-05-23T00:13:37.000Z","time_to_close":5387,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":12,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"fast-uri","old_version":"3.1.0","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"immutable","old_version":"5.1.3","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.101.3","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 11 updates in the /maubot/management/frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.4` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.1.0` | `3.1.2` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.3` | `5.1.5` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.101.3` | `5.107.1` |\n\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.1.0 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 5.1.3 to 5.1.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.1.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003cli\u003eUpgrade devtools and use immutable version by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2158\"\u003eimmutable-js/immutable-js#2158\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v5.1.4...v5.1.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.1.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4\"\u003ehttps://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.4\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/b37b85568632227751ddc8a16034cacc0f42b652\"\u003e\u003ccode\u003eb37b855\u003c/code\u003e\u003c/a\u003e 5.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/16b3313fdf2c5f579f10799e22869f6909abf945\"\u003e\u003ccode\u003e16b3313\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/fd2ef4977ee654c5bf26368dbf2f983c8d679bd6\"\u003e\u003ccode\u003efd2ef49\u003c/code\u003e\u003c/a\u003e fix new proto key injection\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6734b7b2af7e9dadf517eb9473cc64d2dfe2e301\"\u003e\u003ccode\u003e6734b7b\u003c/code\u003e\u003c/a\u003e fix Prototype Pollution in mergeDeep, toJS, etc.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6f772de1e44dcde14128e48d19081a7a077f2162\"\u003e\u003ccode\u003e6f772de\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2175\"\u003e#2175\u003c/a\u003e from immutable-js/dependabot/npm_and_yarn/rollup-4.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/5f3dc61fd0e231654f04a850b8764e7e864c54b3\"\u003e\u003ccode\u003e5f3dc61\u003c/code\u003e\u003c/a\u003e Bump rollup from 4.34.8 to 4.59.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/049a594410962c13dfd0f2d0bf0ef2154271079e\"\u003e\u003ccode\u003e049a594\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2173\"\u003e#2173\u003c/a\u003e from immutable-js/dependabot/npm_and_yarn/lodash-4.1...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/2481a77331122eea4ace8afd4842042c6ae7510c\"\u003e\u003ccode\u003e2481a77\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2172\"\u003e#2172\u003c/a\u003e from mrazauskas/update-tstyche\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/eb047790b44dac8e5ace49529a5c9928edfc8e12\"\u003e\u003ccode\u003eeb04779\u003c/code\u003e\u003c/a\u003e Bump lodash from 4.17.21 to 4.17.23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/b973bf3b6242c9966143169825e1e14248c07c31\"\u003e\u003ccode\u003eb973bf3\u003c/code\u003e\u003c/a\u003e format\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v5.1.3...v5.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for immutable since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 2.79.2 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.12.1 to 1.13.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/bd2d35c87620a7da36250a006c97fdae89f4902d\"\u003e\u003ccode\u003ebd2d35c\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2e7c0f2841f5d2d0172ee42a762193898a663e30\"\u003e\u003ccode\u003e2e7c0f2\u003c/code\u003e\u003c/a\u003e Update generated files, tag 1.13.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/732cafe9f580b6ee8fcb2102fe1babb65b29b810\"\u003e\u003ccode\u003e732cafe\u003c/code\u003e\u003c/a\u003e Underscore 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/e8f86fb4c670ff00abade85064c4a9cf4456fbbd\"\u003e\u003ccode\u003ee8f86fb\u003c/code\u003e\u003c/a\u003e Add changelog entry for versioin 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/43e827a166f3bdff061e0372dec73f42e6a225e1\"\u003e\u003ccode\u003e43e827a\u003c/code\u003e\u003c/a\u003e Bump the version to 1.13.6 (hotfix)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1c1d1a278a8c617c3be052cafcb1717910e0e64a\"\u003e\u003ccode\u003e1c1d1a2\u003c/code\u003e\u003c/a\u003e Remove patch-package postinstall script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4eb6894351edf20d589d2c2df7f20befeaf4a3e8\"\u003e\u003ccode\u003e4eb6894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/2974\"\u003e#2974\u003c/a\u003e from paulsmithkc/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2edcdc18b64db878b887a6047300e724995481e4\"\u003e\u003ccode\u003e2edcdc1\u003c/code\u003e\u003c/a\u003e Hostfix for broken builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/66ee70d746399b3446a700492bc62f4117d4a21b\"\u003e\u003ccode\u003e66ee70d\u003c/code\u003e\u003c/a\u003e Verify that production and doc builds still work in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/68e5eb68635548846b4663479b9d0fc78d090b0a\"\u003e\u003ccode\u003e68e5eb6\u003c/code\u003e\u003c/a\u003e Update generated sources, tag 1.13.5 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webpack` from 5.101.3 to 5.107.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object the moment \u003ccode\u003eNAME\u003c/code\u003e is read in any other context (passed by value, destructured later, accessed with a dynamic key, …). This brings the binding form to parity with the existing destructuring form (\u003ccode\u003econst { x } = require(...)\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21003\"\u003e#21003\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eRangeError: Maximum call stack size exceeded\u003c/code\u003e thrown from \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e on long linear chains of side-effect-free imports. \u003ccode\u003eNormalModule.getSideEffectsConnectionState\u003c/code\u003e previously descended through \u003ccode\u003eHarmonyImportSideEffectDependency.getModuleEvaluationSideEffectsState\u003c/code\u003e recursively, adding two stack frames per module, which overflowed V8's stack at a few thousand modules deep. The traversal is now iterative. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20993\"\u003e#20993\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003eNormalModuleFactory\u003c/code\u003e parser/generator types: (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20999\"\u003e#20999\u003c/a\u003e)\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003emodule.generator.html\u003c/code\u003e now uses \u003ccode\u003eHtmlGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e (the \u003ccode\u003eextract\u003c/code\u003e option was hidden from the \u003ccode\u003ecreateGenerator\u003c/code\u003e / \u003ccode\u003egenerator\u003c/code\u003e hook types).\u003c/li\u003e\n\u003cli\u003eWebAssembly (\u003ccode\u003ewebassembly/async\u003c/code\u003e, \u003ccode\u003ewebassembly/sync\u003c/code\u003e) generator hooks now use \u003ccode\u003eEmptyGeneratorOptions\u003c/code\u003e instead of \u003ccode\u003eEmptyParserOptions\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleFactory#getParser\u003c/code\u003e / \u003ccode\u003ecreateParser\u003c/code\u003e / \u003ccode\u003egetGenerator\u003c/code\u003e / \u003ccode\u003ecreateGenerator\u003c/code\u003e are now generic over the module-type string, returning the specific parser/generator class for known types (e.g. \u003ccode\u003eJavascriptParser\u003c/code\u003e for \u003ccode\u003e\u0026quot;javascript/auto\u0026quot;\u003c/code\u003e, \u003ccode\u003eCssGenerator\u003c/code\u003e for \u003ccode\u003e\u0026quot;css\u0026quot;\u003c/code\u003e, etc.) instead of always returning the base \u003ccode\u003eParser\u003c/code\u003e / \u003ccode\u003eGenerator\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eNormalModuleCreateData\u003c/code\u003e is now generic over the module type so \u003ccode\u003eparser\u003c/code\u003e, \u003ccode\u003eparserOptions\u003c/code\u003e, \u003ccode\u003egenerator\u003c/code\u003e, and \u003ccode\u003egeneratorOptions\u003c/code\u003e are narrowed to the specific class / options for the given \u003ccode\u003etype\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eLink import bindings used inside \u003ccode\u003edefine(...)\u003c/code\u003e callbacks in ES modules. Previously, \u003ccode\u003eHarmonyDetectionParserPlugin\u003c/code\u003e skipped walking the arguments of \u003ccode\u003edefine\u003c/code\u003e calls in harmony modules, so references to imported bindings inside an inline AMD \u003ccode\u003edefine\u003c/code\u003e factory (e.g. \u003ccode\u003edefine(function () { console.log(foo); })\u003c/code\u003e) were not rewritten to their imported references and could cause \u003ccode\u003eReferenceError\u003c/code\u003e at runtime. Inner graph usage analysis is also fixed for the related pattern \u003ccode\u003econst fn = function () { foo; }; define(fn);\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20990\"\u003e#20990\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eHTML-entry pipeline (\u003ccode\u003eexperiments.html\u003c/code\u003e + \u003ccode\u003eexperiments.css\u003c/code\u003e): emit \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot;\u0026gt;\u003c/code\u003e tags for CSS chunks reachable from a \u003ccode\u003e\u0026lt;script src\u0026gt;\u003c/code\u003e entry. Previously when the bundled JS imported CSS, the resulting \u003ccode\u003e.css\u003c/code\u003e file was emitted to disk but never referenced from the extracted HTML (no \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tag), and when \u003ccode\u003esplitChunks\u003c/code\u003e extracted CSS into sibling chunks the HTML cloned the originating \u003ccode\u003e\u0026lt;script\u0026gt;\u003c/code\u003e for each one — producing \u003ccode\u003e\u0026lt;script src=\u0026quot;style.js\u0026quot;\u0026gt;\u003c/code\u003e pointing at non-existent JS filenames instead of \u003ccode\u003e\u0026lt;link rel=\u0026quot;stylesheet\u0026quot; href=\u0026quot;style.css\u0026quot;\u0026gt;\u003c/code\u003e. CSS chunks are now sorted by the entrypoint's module post-order index so the \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e tags also appear in source import order, fixing the cascade ordering issue documented in \u003ccode\u003ehtml-webpack-plugin#1838\u003c/code\u003e and \u003ccode\u003ewebpack/mini-css-extract-plugin#959\u003c/code\u003e for HTML-entry builds. \u003ccode\u003enonce\u003c/code\u003e/\u003ccode\u003ecrossorigin\u003c/code\u003e/\u003ccode\u003ereferrerpolicy\u003c/code\u003e are copied from the originating tag onto the emitted \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21002\"\u003e#21002\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003edevtool\u003c/code\u003e and \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e (or multiple \u003ccode\u003eSourceMapDevToolPlugin\u003c/code\u003e instances) to coexist on the same asset. Previously the second instance would silently skip any asset whose \u003ccode\u003einfo.related.sourceMap\u003c/code\u003e had already been set by an earlier instance, and even when it ran the asset had been rewrapped as a \u003ccode\u003eRawSource\u003c/code\u003e so no source map could be recovered — producing an empty \u003ccode\u003e.map\u003c/code\u003e file. The plugin now keeps a per-compilation stash of pristine source maps, namespaces its persistent cache entries by the options that affect output, and appends additional \u003ccode\u003erelated.sourceMap\u003c/code\u003e entries instead of overwriting them. The classic workaround of pairing \u003ccode\u003edevtool: 'hidden-source-map'\u003c/code\u003e with a \u003ccode\u003enew webpack.SourceMapDevToolPlugin({ filename: '[file].secondary.map', noSources: true })\u003c/code\u003e now produces both maps in a single build. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21001\"\u003e#21001\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNarrow \u003ccode\u003eTemplatePathFn\u003c/code\u003e callback types by context. \u003ccode\u003epathData.chunk\u003c/code\u003e is now non-optional for chunk filename callbacks (\u003ccode\u003eoutput.filename\u003c/code\u003e, \u003ccode\u003echunkFilename\u003c/code\u003e, \u003ccode\u003ecssFilename\u003c/code\u003e, \u003ccode\u003ecssChunkFilename\u003c/code\u003e, \u003ccode\u003ehtmlFilename\u003c/code\u003e, \u003ccode\u003ehtmlChunkFilename\u003c/code\u003e, \u003ccode\u003eoptimization.splitChunks.cacheGroups[*].filename\u003c/code\u003e), and \u003ccode\u003epathData.module\u003c/code\u003e is non-optional for module filename callbacks (\u003ccode\u003eoutput.assetModuleFilename\u003c/code\u003e, per-module \u003ccode\u003egenerator.filename\u003c/code\u003e / \u003ccode\u003egenerator.outputPath\u003c/code\u003e, \u003ccode\u003emodule.parser.css.localIdentName\u003c/code\u003e). (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20987\"\u003e#20987\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTighten the \u003ccode\u003eCreateData\u003c/code\u003e typedef in \u003ccode\u003eNormalModuleFactory\u003c/code\u003e. \u003ccode\u003eCreateData\u003c/code\u003e now represents the fully-populated value passed to the \u003ccode\u003ecreateModule\u003c/code\u003e, \u003ccode\u003emodule\u003c/code\u003e, and \u003ccode\u003ecreateModuleClass\u003c/code\u003e hooks (\u003ccode\u003eNormalModuleCreateData \u0026amp; { settings: ModuleSettings }\u003c/code\u003e), while \u003ccode\u003eResolveData.createData\u003c/code\u003e is typed as \u003ccode\u003ePartial\u0026lt;CreateData\u0026gt;\u003c/code\u003e to reflect the empty initial state. Plugins tapping those hooks no longer need to cast individual fields away from optional. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20992\"\u003e#20992\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eStop \u003ccode\u003ewebpackPrefetch\u003c/code\u003e / \u003ccode\u003ewebpackPreload\u003c/code\u003e magic comments from leaking across \u003ccode\u003eimport()\u003c/code\u003e call sites that share a \u003ccode\u003ewebpackChunkName\u003c/code\u003e. When two imports targeted the same named chunk and only one of them set \u003ccode\u003ewebpackPrefetch: true\u003c/code\u003e, the prefetch directive was applied from every parent chunk that referenced the named chunk. Prefetch and preload orders are now resolved per \u003ccode\u003eimport()\u003c/code\u003e call site instead of from the shared chunk group's accumulated options. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20994\"\u003e#20994\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix \u003ccode\u003e[fullhash:N]\u003c/code\u003e and \u003ccode\u003e[hash:N]\u003c/code\u003e (with length suffix) in \u003ccode\u003eoutput.publicPath\u003c/code\u003e not being interpolated at runtime. The detection regex in \u003ccode\u003eRuntimePlugin\u003c/code\u003e only matched \u003ccode\u003e[fullhash]\u003c/code\u003e / \u003ccode\u003e[hash]\u003c/code\u003e without a length suffix, so the \u003ccode\u003ePublicPathRuntimeModule\u003c/code\u003e was not flagged as a full-hash module and \u003ccode\u003e__webpack_require__.p\u003c/code\u003e was emitted with the placeholder \u003ccode\u003eXXXX\u003c/code\u003e left in place (e.g. \u003ccode\u003eout/XXXX/\u003c/code\u003e) instead of the real hash truncated to the requested length. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21004\"\u003e#21004\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eRe-export \u003ccode\u003eModuleNotFoundError\u003c/code\u003e from \u003ccode\u003ewebpack/lib/ModuleNotFoundError\u003c/code\u003e for backward compatibility with old plugins that import it from that path. This re-export will be removed in webpack 6. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20988\"\u003e#20988\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.107.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003emodule.generator.javascript.anonymousDefaultExportName\u003c/code\u003e option to control whether webpack sets \u003ccode\u003e.name\u003c/code\u003e to \u003ccode\u003e\u0026quot;default\u0026quot;\u003c/code\u003e for anonymous default export functions and classes per ES spec. Defaults to \u003ccode\u003etrue\u003c/code\u003e for applications and \u003ccode\u003efalse\u003c/code\u003e for libraries (when \u003ccode\u003eoutput.library\u003c/code\u003e is set) to avoid unnecessary bundle size overhead. Also extract anonymous default export \u003ccode\u003e.name\u003c/code\u003e fix-up into a shared runtime helper (\u003ccode\u003e__webpack_require__.dn\u003c/code\u003e), replacing repeated inline \u003ccode\u003eObject.defineProperty\u003c/code\u003e / \u003ccode\u003eObject.getOwnPropertyDescriptor\u003c/code\u003e calls with a single short call per module to reduce output size. (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20894\"\u003e#20894\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport module concatenation (scope hoisting) for CSS modules with \u003ccode\u003etext\u003c/code\u003e, \u003ccode\u003ecss-style-sheet\u003c/code\u003e, \u003ccode\u003estyle\u003c/code\u003e, and \u003ccode\u003elink\u003c/code\u003e export types (by \u003ca href=\"https://github.com/xiaoxiaojx\"\u003e\u003ccode\u003e@​xiaoxiaojx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20851\"\u003e#20851\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe \u003ccode\u003egenerator.exportsConvention\u003c/code\u003e function form for CSS modules now accepts \u003ccode\u003estring[]\u003c/code\u003e in addition to \u003ccode\u003estring\u003c/code\u003e. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20914\"\u003e#20914\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003elinkInsert\u003c/code\u003e hook to \u003ccode\u003eCssLoadingRuntimeModule.getCompilationHooks(compilation)\u003c/code\u003e so plugin developers can control where stylesheet \u003ccode\u003e\u0026lt;link\u0026gt;\u003c/code\u003e elements are inserted into the document. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20947\"\u003e#20947\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd \u003ccode\u003eCssModulesPlugin.getCompilationHooks(compilation).orderModules\u003c/code\u003e hook. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20978\"\u003e#20978\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd a \u003ccode\u003epure\u003c/code\u003e parser option for \u003ccode\u003ecss/module\u003c/code\u003e and \u003ccode\u003ecss/auto\u003c/code\u003e types matching \u003ccode\u003epostcss-modules-local-by-default\u003c/code\u003e's pure mode: every selector must contain at least one local class or id, otherwise webpack emits a build error. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20946\"\u003e#20946\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSupport CSS Modules \u003ccode\u003e@value\u003c/code\u003e identifiers as \u003ccode\u003e@import\u003c/code\u003e URLs and inside \u003ccode\u003eurl()\u003c/code\u003e functions, e.g. \u003ccode\u003e@value path: \u0026quot;./other.css\u0026quot;; @import path;\u003c/code\u003e and \u003ccode\u003e@value bg: \u0026quot;./image.png\u0026quot;; .a { background: url(bg); }\u003c/code\u003e (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20925\"\u003e#20925\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd experimental TypeScript support via \u003ccode\u003eexperiments.typescript: true\u003c/code\u003e (auto-enabled by \u003ccode\u003eexperiments.futureDefaults\u003c/code\u003e). Uses Node.js's built-in \u003ccode\u003emodule.stripTypeScriptTypes\u003c/code\u003e (Node.js \u0026gt;= 22.6 with the stable \u003ccode\u003emode: \u0026quot;strip\u0026quot;\u003c/code\u003e API, including Node.js 26) to transform \u003ccode\u003e.ts\u003c/code\u003e, \u003ccode\u003e.cts\u003c/code\u003e, \u003ccode\u003e.mts\u003c/code\u003e, \u003ccode\u003edata:text/typescript\u003c/code\u003e, and \u003ccode\u003edata:application/typescript\u003c/code\u003e modules — no type checking, only erasable TypeScript (types, generics, \u003ccode\u003eimport type\u003c/code\u003e, casts). \u003ccode\u003e.tsx\u003c/code\u003e/JSX and non-erasable syntax (\u003ccode\u003eenum\u003c/code\u003e, \u003ccode\u003enamespace\u003c/code\u003e, parameter-property constructors, decorator metadata) are NOT supported; use a TSX-capable loader (e.g. \u003ccode\u003ets-loader\u003c/code\u003e, \u003ccode\u003eswc-loader\u003c/code\u003e) for those. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/20964\"\u003e#20964\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.107.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAlign the experimental HTML tokenizer with the WHATWG spec: fix offset-range bugs in the script-data, content-mode end-tag, attribute-value, and EOF states; surface tokenizer parse errors to consumers via a new \u003ccode\u003eparseError\u003c/code\u003e callback (\u003ccode\u003e\u0026quot;warning\u0026quot;\u003c/code\u003e when the tokenizer recovers and the emitted token is still well-formed, \u003ccode\u003e\u0026quot;error\u0026quot;\u003c/code\u003e when the offset range is incomplete — e.g. \u003ccode\u003eeof-in-tag\u003c/code\u003e); and add the full WHATWG named character references table so \u003ccode\u003edecodeHtmlEntities\u003c/code\u003e handles all named entities (including legacy bare forms like \u003ccode\u003e\u0026amp;AMP\u003c/code\u003e and multi-code-point entities like \u003ccode\u003e\u0026amp;NotEqualTilde;\u003c/code\u003e) with proper longest-prefix backtracking. (by \u003ca href=\"https://github.com/alexander-akait\"\u003e\u003ccode\u003e@​alexander-akait\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webpack/webpack/pull/21000\"\u003e#21000\u003c/a\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eTree-shake CommonJS modules imported through a \u003ccode\u003econst NAME = require(LITERAL)\u003c/code\u003e binding when only static members of \u003ccode\u003eNAME\u003c/code\u003e are read. Previously webpack treated every export of such modules as referenced (because the bare \u003ccode\u003erequire()\u003c/code\u003e dependency reports \u003ccode\u003eEXPORTS_OBJECT_REFERENCED\u003c/code\u003e), so unused \u003ccode\u003eexports.x = ...\u003c/code\u003e assignments remained in the bundle even with \u003ccode\u003eusedExports\u003c/code\u003e enabled. The parser now forwards \u003ccode\u003eNAME.x\u003c/code\u003e / \u003ccode\u003eNAME.x()\u003c/code\u003e / \u003ccode\u003eNAME[\u0026quot;x\u0026quot;]\u003c/code\u003e accesses to the underlying \u003ccode\u003eCommonJsRequireDependency\u003c/code\u003e as referenced exports, falling back to the full exports object th...\n\n_Description has been truncated_","html_url":"https://github.com/tcpipuk/maubot/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/tcpipuk%2Fmaubot/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T05:37:25.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4500144155","node_id":"PR_kwDOR-G2Z87eN80m","number":2,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-24T09:29:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T05:37:25.000Z","updated_at":"2026-05-24T09:29:29.000Z","time_to_close":186723,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"@langchain/community","old_version":"0.2.18","new_version":"1.1.18","repository_url":"https://github.com/langchain-ai/langchainjs-community"},{"name":"next","old_version":"14.2.5","new_version":"15.5.18","repository_url":"https://github.com/vercel/next.js"},{"name":"postcss","old_version":"8.4.49","new_version":"8.5.10","repository_url":"https://github.com/postcss/postcss"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.24.7","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"yaml","old_version":"2.4.5","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"ws","old_version":"8.18.0","new_version":"8.20.1","repository_url":"https://github.com/websockets/ws"},{"name":"minimatch","old_version":"3.1.2","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"webpack","old_version":"5.93.0","new_version":"5.107.1","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the /recipes/natural_language_processing/chatbot-nodejs/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@langchain/community](https://github.com/langchain-ai/langchainjs-community) | `0.2.18` | `1.1.18` |\n| [next](https://github.com/vercel/next.js) | `14.2.5` | `15.5.18` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.24.7` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `2.1.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.5` | `2.9.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.20.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.93.0` | `5.107.1` |\n\nBumps the npm_and_yarn group with 20 updates in the /recipes/natural_language_processing/rag-nodejs/app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@langchain/community](https://github.com/langchain-ai/langchainjs-community) | `0.3.48` | `1.1.18` |\n| [next](https://github.com/vercel/next.js) | `14.2.23` | `15.5.18` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.49` | `8.5.10` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.9` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `8.20.0` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.0` | `2.9.0` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [ws](https://github.com/websockets/ws) | `8.18.0` | `8.20.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `9.0.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.2` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.97.1` | `5.107.1` |\n| [axios](https://github.com/axios/axios) | `1.7.4` | `1.16.1` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.5` | `3.1.2` |\n| [tar](https://github.com/isaacs/node-tar) | `6.2.1` | `removed` |\n\n\nUpdates `@langchain/community` from 0.2.18 to 1.1.18\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/langchain-ai/langchainjs-community/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​langchain/community\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 14.2.5 to 15.5.18\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev15.5.18\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6\"\u003eGHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.16\u003c/h2\u003e\n\u003cp\u003eThis release contains security fixes for the following advisories:\u003c/p\u003e\n\u003cp\u003eHigh:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-8h8q-6873-q5fj\"\u003eGHSA-8h8q-6873-q5fj: Denial of Service with Server Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f\"\u003eGHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx\"\u003eGHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv\"\u003eGHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r\"\u003eGHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5\"\u003eGHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eModerate:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-ffhc-5mcf-pf4q\"\u003eGHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-gx5p-jg67-6x7h\"\u003eGHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh\"\u003eGHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-wfc6-r584-vfw7\"\u003eGHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eLow:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-vfv6-92ff-j949\"\u003eGHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/security/advisories/GHSA-3g8h-86w9-wvmq\"\u003eGHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev15.5.15\u003c/h2\u003e\n\u003cp\u003ePlease refer the following changelogs for more information about this security release:\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev15.5.14\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec\"\u003e\u003ccode\u003e9ff92ce\u003c/code\u003e\u003c/a\u003e v15.5.18\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/00ebe23562bd7eb32dd78730984bfadb47138bcf\"\u003e\u003ccode\u003e00ebe23\u003c/code\u003e\u003c/a\u003e [backport] Disable build caches for production/staging/force-preview deploys ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/62c97ab0b5825e2cbc15f6b682d8286a8dd6a038\"\u003e\u003ccode\u003e62c97ab\u003c/code\u003e\u003c/a\u003e v15.5.17\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/423623ae38c106273085b66946ee5bf9aab77f2c\"\u003e\u003ccode\u003e423623a\u003c/code\u003e\u003c/a\u003e Turbopack: Match proxy matchers with webpack implementation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93594\"\u003e#93594\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fa787399b38d9aa702118f9bd23a8315b9f0ecc6\"\u003e\u003ccode\u003efa78739\u003c/code\u003e\u003c/a\u003e Turbopack: Fix middleware matcher suffix (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93590\"\u003e#93590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36e62c6eb7813e42d409eb487f93b829f4ad77e8\"\u003e\u003ccode\u003e36e62c6\u003c/code\u003e\u003c/a\u003e [backport] Turbopack: more strict vergen setup (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93588\"\u003e#93588\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/36589b5db512b7704cdadd873cbe49b6dbcc9261\"\u003e\u003ccode\u003e36589b5\u003c/code\u003e\u003c/a\u003e [backport][test] Pin package manager to patch versions (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/93596\"\u003e#93596\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/ad6fd4e50e5aba20b60d283c42b89273a3167ccd\"\u003e\u003ccode\u003ead6fd4e\u003c/code\u003e\u003c/a\u003e v15.5.16\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/79d7dff1448483f0c8f187f98887b31019f6e494\"\u003e\u003ccode\u003e79d7dff\u003c/code\u003e\u003c/a\u003e Ignore malformed CSP nonce headers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/c4f69086cc8dcbd81b1dbc321c98ea874d90d6f8\"\u003e\u003ccode\u003ec4f6908\u003c/code\u003e\u003c/a\u003e router-server: guard upgrade proxy against absolute-url SSRF (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/77\"\u003e#77\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v14.2.5...v15.5.18\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for next since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.10\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e during \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/1995\"\u003ehis work\u003c/a\u003e on \u003ca href=\"https://stylelint.io\"\u003eStylelint\u003c/a\u003e added \u003ccode\u003eInput#document\u003c/code\u003e in additional to \u003ccode\u003eInput#css\u003c/code\u003e.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eroot.source.input.document //=\u0026gt; \u0026quot;\u0026lt;p\u0026gt;Hello\u0026lt;/p\u0026gt;\r\n                           //    \u0026lt;style\u0026gt;\r\n                           //    p {\r\n                           //      color: green;\r\n                           //    }\r\n                           //    \u0026lt;/style\u0026gt;\u0026quot;\r\nroot.source.input.css      //=\u0026gt; \u0026quot;p {\r\n                           //      color: green;\r\n                           //    }\u0026quot;\r\n\u003cp\u003e\u0026lt;/tr\u0026gt;\u0026lt;/table\u0026gt;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eInput#document\u003c/code\u003e for sources like CSS-in-JS or HTML (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/33b9790263dc1562a46ce45d9532bd63e95b7986\"\u003e\u003ccode\u003e33b9790\u003c/code\u003e\u003c/a\u003e Release 8.5.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/536c79e4b01e58a3a56b09c3c0cf2323f4b9a28b\"\u003e\u003ccode\u003e536c79e\u003c/code\u003e\u003c/a\u003e Escape \u0026lt;/style\u0026gt; in CSS output (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2074\"\u003e#2074\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/afa96b2a139ce625c4d27973313479c7c85f39d4\"\u003e\u003ccode\u003eafa96b2\u003c/code\u003e\u003c/a\u003e Update dependencies (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2073\"\u003e#2073\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/effe88bb87cabdc1876e02adbdd30f392f19f40d\"\u003e\u003ccode\u003eeffe88b\u003c/code\u003e\u003c/a\u003e Typo (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2072\"\u003e#2072\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ee79a2c4a11e41d52db50b444eebe38299495ad\"\u003e\u003ccode\u003e3ee79a2\u003c/code\u003e\u003c/a\u003e Thread model (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2071\"\u003e#2071\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/2e0683daca4dc2919211b03774f6b2d137136c01\"\u003e\u003ccode\u003e2e0683d\u003c/code\u003e\u003c/a\u003e Create incident response docs (\u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2070\"\u003e#2070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/fe88ac29c06b7b218be32994cdc6ca1525bdf2c9\"\u003e\u003ccode\u003efe88ac2\u003c/code\u003e\u003c/a\u003e Release 8.5.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/c551632496b87ab3f1965bfda5dc386b6c71963e\"\u003e\u003ccode\u003ec551632\u003c/code\u003e\u003c/a\u003e Avoid RegExp when we can use simple JS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/89a6b744060eb8dee743351c785a9fbe37d4525a\"\u003e\u003ccode\u003e89a6b74\u003c/code\u003e\u003c/a\u003e Move SECURITY.txt for docs folder to keep GitHub page cleaner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/6ceb8a46af9f9de821faee98f861bdf84617347b\"\u003e\u003ccode\u003e6ceb8a4\u003c/code\u003e\u003c/a\u003e Create SECURITY.md\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.4.49...8.5.10\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.24.7 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump version to 8.17.1 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2472\"\u003eajv-validator/ajv#2472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePlus everything in 8.17.0 which failed to release\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cp\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2444\"\u003eajv-validator/ajv#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\nfix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\ndocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\ndocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\nFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\ndocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\nfeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\nfix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\nfixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003eajv-validator/ajv#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.0\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 2.x  14f1d91\u003c/li\u003e\n\u003cli\u003efmt  ed7780a\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  36603d5\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v2.0.1...v2.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1ee4a9069c69a51bd502aab289c0c6629c8920ca\"\u003e\u003ccode\u003e1ee4a90\u003c/code\u003e\u003c/a\u003e 2.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b0302ac153ecfaad66752aac79bf30d2895db8f1\"\u003e\u003ccode\u003eb0302ac\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v2 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/100\"\u003e#100\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/73b5459d2ab973c984d01324769d306f66440c7e\"\u003e\u003ccode\u003e73b5459\u003c/code\u003e\u003c/a\u003e 2.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5\"\u003e\u003ccode\u003e311ac0d\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v to v2 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/96\"\u003e#96\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/a3efcee659ef0fb381e2b50d759c720900580a15\"\u003e\u003ccode\u003ea3efcee\u003c/code\u003e\u003c/a\u003e 2.0.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/14f1d91b0523ffb0c8bbe6a28dc98ddc56ae53bc\"\u003e\u003ccode\u003e14f1d91\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 2.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ed7780ab1cb8a7696f1813b5a945fcc70d8d1990\"\u003e\u003ccode\u003eed7780a\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/36603d5f3599a37af9e85eda30acd7d28599c36e\"\u003e\u003ccode\u003e36603d5\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/b9c0e57027317a8d0a56a7ccee28fc478d847da2\"\u003e\u003ccode\u003eb9c0e57\u003c/code\u003e\u003c/a\u003e 2.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/4d96d7dbca632806263efb0da8d1e9d8a2143cc2\"\u003e\u003ccode\u003e4d96d7d\u003c/code\u003e\u003c/a\u003e switch to fork of matcha that works on node\u0026gt;12\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.4.5 to 2.9.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve empty block literals (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd node cache for faster alias resolution (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRe-introduce compatibility with Node.js 14.6 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/614\"\u003e#614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--merge\u003c/code\u003e option to CLI tool (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error for tag resolution error on null value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow empty string as plain scalar representation, for failsafe schema (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: include cli example (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/617\"\u003e#617\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow seq with single-line collection value on same line with map key (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove warning \u0026amp; avoid TypeError on bad YAML 1.1 nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003cp\u003eThe library is now available on JSR as \u003ca href=\"https://jsr.io/@eemeli/yaml\"\u003e@​eemeli/yaml\u003c/a\u003e and on deno.land/x as \u003ca href=\"https://deno.land/x/yaml\"\u003eyaml\u003c/a\u003e. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse .ts extension in all relative imports (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/591\"\u003e#591\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore newline after block seq indicator as space before value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/590\"\u003e#590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire Node.js 14.18 or later (was 14.6) (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/598\"\u003e#598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not strip \u003ccode\u003e:00\u003c/code\u003e seconds from \u003ccode\u003e!!timestamp\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/578\"\u003e#578\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/qraynaud\"\u003e\u003ccode\u003e@​qraynaud\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTighten regexp for JSON \u003ccode\u003e!!bool\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/587\"\u003e#587\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/vra5107\"\u003e\u003ccode\u003e@​vra5107\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefault to literal block scalar if folded would overflow (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/585\"\u003e#585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.4.5...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/eemeli/yaml/releases\"\u003eyaml's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003cp\u003eThe changes here are really only patches, but I'm releasing this as a minor version to note a small change to the documentation of \u003ccode\u003eparseDocument()\u003c/code\u003e and \u003ccode\u003eparseAllDocuments()\u003c/code\u003e: I've removed the claim that they'll \u0026quot;never throw\u0026quot;.\u003c/p\u003e\n\u003cp\u003eIt remains the case that practically all non-malicious inputs will be handled without emitting an error, but there is a decent chance that code paths remain where e.g. a RangeError due to call stack exhaustion can be triggered by malicious inputs. Up to now, I've considered these as security vulnerabilities, and in fact it's the only category of error for which \u003ccode\u003eyaml\u003c/code\u003e CVEs have been issued so far.\u003c/p\u003e\n\u003cp\u003eStarting from this release, I'll be considering such errors as bugs, but not vulnerabilities. I do welcome people and/or LLMs looking for them, but please report them as normal issues rather than suspected security vulnerabilities. This also applies to previously undiscovered bugs in earlier releases.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: Avoid calling \u003ccode\u003eArray.prototype.push.apply()\u003c/code\u003e with large source array\u003c/li\u003e\n\u003cli\u003efix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDisable alias resolution with \u003ccode\u003emaxAliasCount:0\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHandle invalid unicode escapes (e1a1a77)\u003c/li\u003e\n\u003cli\u003eApply \u003ccode\u003eminFractionDigits\u003c/code\u003e only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003etrailingComma\u003c/code\u003e ToString option for multiline flow formatting (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCatch stack overflow during node composition (1e84ebb)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSerialize -0 as -0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/638\"\u003e#638\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDo not double newlines for empty map values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/642\"\u003e#642\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePreserve empty block literals (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/634\"\u003e#634\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd node cache for faster alias resolution (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/612\"\u003e#612\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRe-introduce compatibility with Node.js 14.6 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/614\"\u003e#614\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003e--merge\u003c/code\u003e option to CLI tool (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/611\"\u003e#611\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove error for tag resolution error on null value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow empty string as plain scalar representation, for failsafe schema (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/616\"\u003e#616\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edocs: include cli example (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/617\"\u003e#617\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not allow seq with single-line collection value on same line with map key (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/603\"\u003e#603\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eImprove warning \u0026amp; avoid TypeError on bad YAML 1.1 nodes (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/610\"\u003e#610\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.7.0\u003c/h2\u003e\n\u003cp\u003eThe library is now available on JSR as \u003ca href=\"https://jsr.io/@eemeli/yaml\"\u003e@​eemeli/yaml\u003c/a\u003e and on deno.land/x as \u003ca href=\"https://deno.land/x/yaml\"\u003eyaml\u003c/a\u003e. In addition to Node.js and browsers, it should work in Deno, Bun, and Cloudflare Workers.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse .ts extension in all relative imports (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/591\"\u003e#591\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eIgnore newline after block seq indicator as space before value (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/590\"\u003e#590\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRequire Node.js 14.18 or later (was 14.6) (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/598\"\u003e#598\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDo not strip \u003ccode\u003e:00\u003c/code\u003e seconds from \u003ccode\u003e!!timestamp\u003c/code\u003e values (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/578\"\u003e#578\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/qraynaud\"\u003e\u003ccode\u003e@​qraynaud\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTighten regexp for JSON \u003ccode\u003e!!bool\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/587\"\u003e#587\u003c/a\u003e, with thanks to \u003ca href=\"https://github.com/vra5107\"\u003e\u003ccode\u003e@​vra5107\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDefault to literal block scalar if folded would overflow (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/585\"\u003e#585\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ddb21b04cb889722cec8f89dc1b67f19d62d7f7d\"\u003e\u003ccode\u003eddb21b0\u003c/code\u003e\u003c/a\u003e 2.9.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/167365befdae1f03d53d47a8c6533140a9d48a75\"\u003e\u003ccode\u003e167365b\u003c/code\u003e\u003c/a\u003e docs: Clarify that not all errors can be avoided\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6eca2a7087548f86c4edb6a7cf2cdfe548759f06\"\u003e\u003ccode\u003e6eca2a7\u003c/code\u003e\u003c/a\u003e fix: Avoid calling Array.prototype.push.apply() with large source array\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/0543cd57fd61ea15a58e9f0ec2064b8b408177d8\"\u003e\u003ccode\u003e0543cd5\u003c/code\u003e\u003c/a\u003e fix(lexer): Avoid recursive calls that may exhaust the call stack\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/ccdf7439587544f64223429498a1d9ec514eaac1\"\u003e\u003ccode\u003eccdf743\u003c/code\u003e\u003c/a\u003e 2.8.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/f625789dbd971c936ff66fe5c49e368062ae7b41\"\u003e\u003ccode\u003ef625789\u003c/code\u003e\u003c/a\u003e fix: Disable alias resolution with maxAliasCount:0 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/677\"\u003e#677\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/e1a1a7735ff2e9717b87af36795bcd280f85f55d\"\u003e\u003ccode\u003ee1a1a77\u003c/code\u003e\u003c/a\u003e fix: Handle invalid unicode escapes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a163ea009c57ab9f1054ca39b24b6ef4c1e9fdbe\"\u003e\u003ccode\u003ea163ea0\u003c/code\u003e\u003c/a\u003e style: Satify Prettier\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b2a5a6c615673056917aaa04d657802945e81425\"\u003e\u003ccode\u003eb2a5a6c\u003c/code\u003e\u003c/a\u003e fix: Apply minFractionDigits only to decimal strings (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/676\"\u003e#676\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/93c951b3478b4bb061d7b5227fd64f46d3f9df7f\"\u003e\u003ccode\u003e93c951b\u003c/code\u003e\u003c/a\u003e chore: Bump JSR version to v2.8.3 (\u003ca href=\"https://redirect.github.com/eemeli/yaml/issues/673\"\u003e#673\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/eemeli/yaml/compare/v2.4.5...v2.9.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ws` from 8.18.0 to 8.20.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/websockets/ws/releases\"\u003ews's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.20.1\u003c/h2\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed an uninitialized memory disclosure issue in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\n(c0327ec1).\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eProviding a \u003ccode\u003eTypedArray\u003c/code\u003e (e.g. \u003ccode\u003eFloat32Array\u003c/code\u003e) as the \u003ccode\u003ereason\u003c/code\u003e argument for\n\u003ccode\u003ewebsocket.close()\u003c/code\u003e, rather than the supported string or \u003ccode\u003eBuffer\u003c/code\u003e types, caused\nuninitialized memory to be disclosed to the remote peer.\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003eimport { deepStrictEqual } from 'node:assert';\r\nimport { WebSocket, WebSocketServer } from 'ws';\r\n\u003cp\u003econst wss = new WebSocketServer(\n{ port: 0, skipUTF8Validation: true },\nfunction () {\nconst { port } = wss.address();\nconst ws = new WebSocket(\u003ccode\u003ews://localhost:${port}\u003c/code\u003e, {\nskipUTF8Validation: true\n});\u003c/p\u003e\n\u003cpre\u003e\u003ccode\u003ews.on('close', function (code, reason) {\r\n  deepStrictEqual(reason, Buffer.alloc(80));\r\n});\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003e}\n);\u003c/p\u003e\n\u003cp\u003ewss.on('connection', function (ws) {\nws.close(1000, new Float32Array(20));\n});\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003cp\u003eThe issue was privately reported by \u003ca href=\"https://github.com/ChALkeR\"\u003eNikita Skovoroda\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e8.20.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded exports for the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and utilities for the\n\u003ccode\u003eSec-WebSocket-Extensions\u003c/code\u003e and \u003ccode\u003eSec-WebSocket-Protocol\u003c/code\u003e headers (d3503c1f).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.19.0\u003c/h2\u003e\n\u003ch1\u003eFeatures\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdded the \u003ccode\u003ecloseTimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/websockets/ws/issues/2308\"\u003e#2308\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003eBug fixes\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eHandled a forthcoming breaking change in Node.js core (19984854).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5d9b316230ea931532a6671cc450f18c11edd02f\"\u003e\u003ccode\u003e5d9b316\u003c/code\u003e\u003c/a\u003e [dist] 8.20.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086\"\u003e\u003ccode\u003ec0327ec\u003c/code\u003e\u003c/a\u003e [security] Fix uninitialized memory disclosure in \u003ccode\u003ewebsocket.close()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/ce2a3d62437995a47e6056d485a33d21b6a8f867\"\u003e\u003ccode\u003ece2a3d6\u003c/code\u003e\u003c/a\u003e [ci] Test on node 26\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/58e45b872bb0f35a3edd553c27e105300a4f5bd0\"\u003e\u003ccode\u003e58e45b8\u003c/code\u003e\u003c/a\u003e [ci] Do not test on node 25\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/5f26c245231a4b018479a9269e8c3da4773fe42f\"\u003e\u003ccode\u003e5f26c24\u003c/code\u003e\u003c/a\u003e [ci] Run the lint step on node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/843925544e2f4cffe445e0179947f56d6c5b608f\"\u003e\u003ccode\u003e8439255\u003c/code\u003e\u003c/a\u003e [dist] 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/d3503c1fd36a310985108f62b343bae18346ab67\"\u003e\u003ccode\u003ed3503c1\u003c/code\u003e\u003c/a\u003e [minor] Export the \u003ccode\u003ePerMessageDeflate\u003c/code\u003e class and header utils\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/3ee5349a0b1580f6e1f347b59ec3371011bd8481\"\u003e\u003ccode\u003e3ee5349\u003c/code\u003e\u003c/a\u003e [api] Convert the \u003ccode\u003eisServer\u003c/code\u003e and \u003ccode\u003emaxPayload\u003c/code\u003e parameters to options\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/91707b470ebd803aaa3fd1e896217740f39267d4\"\u003e\u003ccode\u003e91707b4\u003c/code\u003e\u003c/a\u003e [doc] Add missing space\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/websockets/ws/commit/8b553192268810a83253e2a4a39ac16768e75bb3\"\u003e\u003ccode\u003e8b55319\u003c/code\u003e\u003c/a\u003e [pkg] Update eslint to version 10.0.1\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/websockets/ws/compare/8.18.0...8.20.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/isaacs/minimatch/blob/main/changelog.md\"\u003eminimatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003echange log\u003c/h1\u003e\n\u003ch2\u003e10.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ebraceExpandMax\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003emagicalBraces\u003c/code\u003e option for \u003ccode\u003eescape\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when \u003ccode\u003epartial: true\u003c/code\u003e is set.\u003c/li\u003e\n\u003cli\u003eFix \u003ccode\u003emakeRe\u003c/code\u003e when pattern ends in a final \u003ccode\u003e**\u003c/code\u003e path part.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e10.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRequire node 20 or 22 and higher\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e9.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo default export, only named exports.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRecursive descent parser for extglob, allowing correct support\nfor arbitrarily nested extglob expressions\u003c/li\u003e\n\u003cli\u003eBump required Node.js version\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eunescape()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdd \u003ccode\u003eMinimatch.hasMagic()\u003c/code\u003e method\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for posix character classes in a unicode-aware way.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003ewindowsNoMagicRoot\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e7.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd \u003ccode\u003eoptimizationLevel\u003c/code\u003e configuration option, and revert the\ndefault back to the 6.2 style minimal optimizations, making the\nadvanced transforms introduced in 7.0 opt-in. Also, process\nprovided file paths in the same way in optimizationLevel:2\nmode, so \u003cem\u003emost\u003c/em\u003e things that matched with optimizationLevel 1 or\n0 \u003cem\u003eshould\u003c/em\u003e match with level 2 as well. However, level 1 is the\ndefault, out of an abundance of caution.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8a10e473e2e0ff03c2d4de308f257093af2bce21\"\u003e\u003ccode\u003e8a10e47\u003c/code\u003e\u003c/a\u003e 9.0.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/c6f180636cebd4de2f9af7ef29ca4c9bf2eeef02\"\u003e\u003ccode\u003ec6f1806\u003c/code\u003e\u003c/a\u003e brace-expansion@2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/446cfa3e2aa3ef45bd4a27fa4418221e158489f6\"\u003e\u003ccode\u003e446cfa3\u003c/code\u003e\u003c/a\u003e 9.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/8fa151ab95fd4e2acd6e1a81f10d02dc7c1098d3\"\u003e\u003ccode\u003e8fa151a\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/71b78a2a4cad3a40af08a39c065e71bbf69ea7f7\"\u003e\u003ccode\u003e71b78a2\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2de496f6d9362dd92460f35ffa6ff8de2907244b\"\u003e\u003ccode\u003e2de496f\u003c/code\u003e\u003c/a\u003e 9.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/0d4616de9193bf1d359271662e92657bb51b2f75\"\u003e\u003ccode\u003e0d4616d\u003c/code\u003e\u003c/a\u003e limit nested extglob recursion, flatten extglobs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7117ef381e74deace1c62a74d2298c8fe61d10ca\"\u003e\u003ccode\u003e7117ef3\u003c/code\u003e\u003c/a\u003e 9.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/2418458b7fe82e0a1fd1a1b6f618c41c90b9848a\"\u003e\u003ccode\u003e2418458\u003c/code\u003e\u003c/a\u003e update deps, do not checkin dist\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1d1f531009d5e4a86083de37e5ef3f301e073986\"\u003e\u003ccode\u003e1d1f531\u003c/code\u003e\u003c/a\u003e update deps\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v9.0.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `langsmith` from 0.1.36 to 0.1.68\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/63fcf77db2190615a9558154d254771ca8ff79f3\"\u003e\u003ccode\u003e63fcf77\u003c/code\u003e\u003c/a\u003e safer exception (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/758\"\u003e#758\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/a39f66225b87b9ecdf70f4ec745f6cabc985273b\"\u003e\u003ccode\u003ea39f662\u003c/code\u003e\u003c/a\u003e cr\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/cdb8d918367dec39cdd64a911c4ed45d7f3e2048\"\u003e\u003ccode\u003ecdb8d91\u003c/code\u003e\u003c/a\u003e safer exception\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/ad3cb2dc0de74d071c6e29ea30db98b9ab61542a\"\u003e\u003ccode\u003ead3cb2d\u003c/code\u003e\u003c/a\u003e [Python] Infer parent_run_id in from_dotted_order (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/754\"\u003e#754\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/4863cf88b2ae7376b026a8bfdf57dfb00ff81082\"\u003e\u003ccode\u003e4863cf8\u003c/code\u003e\u003c/a\u003e [Python] Handoff Bugs (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/753\"\u003e#753\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/2ad492baf7639b219481ec619c4a8fece4b663d9\"\u003e\u003ccode\u003e2ad492b\u003c/code\u003e\u003c/a\u003e fix(js): add missing callbacks when evaluating a runnable (\u003ca href=\"https://redirect.github.com/langchain-ai/langsmith-sdk/issues/748\"\u003e#748\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/26a626e1dcf4a422544256c210433d1d560b22cd\"\u003e\u003ccode\u003e26a626e\u003c/code\u003e\u003c/a\u003e Allow overriding the metadata\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/langchain-ai/langsmith-sdk/commit/edccdb17deaa8a79dd3dd2a491a7e4f713235938\"\u003e\u003ccode\u003eedccdb1\u003c/code\u003e\u003c/a\u003e [Python] ...\n\n_Description has been truncated_","html_url":"https://github.com/Kaairofelipe/ai-lab-recipes/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Kaairofelipe%2Fai-lab-recipes/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-16T01:52:01.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4458120779","node_id":"PR_kwDOOkJiQ87cIHeU","number":36,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-16T01:52:01.000Z","updated_at":"2026-05-16T01:53:40.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"axios","old_version":"1.9.0","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"immutable","old_version":"5.1.1","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.9.0","repository_url":"https://github.com/eemeli/yaml"},{"name":"react-router","old_version":"7.5.3","new_version":"7.15.1","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"webpack","old_version":"5.99.7","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.15.2` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.1` | `5.1.5` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.9.0` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.5.3` | `7.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.7` | `5.106.2` |\n\n\nUpdates `axios` from 1.9.0 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.9.0...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: ...\n\n_Description has been truncated_","html_url":"https://github.com/realbrodiwhite/royalgamesclient/pull/36","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/realbrodiwhite%2Froyalgamesclient/issues/36","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/36/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-12T19:11:04.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4431917120","node_id":"PR_kwDOKm4NMs7a0CGE","number":2008,"state":"closed","title":"chore(deps): bump the npm_and_yarn group across 4 directories with 21 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-14T01:33:35.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T19:11:04.000Z","updated_at":"2026-05-14T01:33:38.000Z","time_to_close":109351,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":21,"packages":[{"name":"@backstage/plugin-auth-backend","old_version":"0.14.1","new_version":"0.27.1","repository_url":"https://github.com/backstage/backstage"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.23.3","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"@backstage/integration","old_version":"1.13.0","new_version":"1.20.1","repository_url":"https://github.com/backstage/backstage"},{"name":"flatted","old_version":"3.2.9","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"handlebars","old_version":"4.7.8","new_version":"4.7.9","repository_url":"https://github.com/handlebars-lang/handlebars.js"},{"name":"immutable","old_version":"3.8.2","new_version":"3.8.3","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"undici","old_version":"5.28.4","new_version":"5.29.0","repository_url":"https://github.com/nodejs/undici"},{"name":"webpack","old_version":"5.89.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 13 updates in the /dashboard directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@backstage/plugin-auth-backend](https://github.com/backstage/backstage/tree/HEAD/plugins/auth-backend) | `0.14.1` | `0.27.1` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.23.3` | `7.29.4` |\n| [@backstage/integration](https://github.com/backstage/backstage/tree/HEAD/packages/integration) | `1.13.0` | `1.20.1` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` |\n| [handlebars](https://github.com/handlebars-lang/handlebars.js) | `4.7.8` | `4.7.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `3.8.2` | `3.8.3` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [undici](https://github.com/nodejs/undici) | `5.28.4` | `5.29.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.89.0` | `5.106.2` |\n\nBumps the npm_and_yarn group with 1 update in the /dashboard/packages/backend directory: [@backstage/plugin-auth-backend](https://github.com/backstage/backstage/tree/HEAD/plugins/auth-backend).\nBumps the npm_and_yarn group with 7 updates in the /rs/dre-canisters/node_status_canister directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.11.0` | `6.15.1` |\n| [serialize-javascript](https://github.com/yahoo/serialize-javascript) | `6.0.1` | `6.0.2` |\n| [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.106.2` |\n\nBumps the npm_and_yarn group with 8 updates in the /rs/dre-canisters/trustworthy-node-metrics directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.25.0` | `7.29.4` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.7` | `4.3.8` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `3.29.4` | `3.30.0` |\n| [next](https://github.com/vercel/next.js) | `14.2.5` | `15.5.18` |\n\n\nUpdates `@backstage/plugin-auth-backend` from 0.14.1 to 0.27.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/backstage/backstage/blob/master/plugins/auth-backend/CHANGELOG.md\"\u003e@​backstage/plugin-auth-backend's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​backstage/plugin-auth-backend\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e0.28.1-next.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ee9b78e9: Removed the \u003ccode\u003euuid\u003c/code\u003e dependency and replaced usage with the built-in \u003ccode\u003ecrypto.randomUUID()\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/catalog-model\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.8.1-next.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-catalog-node\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.2.1-next.1\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-auth-node\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.7.1-next.1\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.1-next.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-auth-node\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.7.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/backend-plugin-api\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.9.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/catalog-model\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.8.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.8-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-catalog-node\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.2.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/types\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.2.2\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003ed7c67cd: \u003cstrong\u003eBREAKING\u003c/strong\u003e: The setting \u003ccode\u003eauth.omitIdentityTokenOwnershipClaim\u003c/code\u003e has had its default value switched to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003cp\u003eWith this setting Backstage user tokens issued by the \u003ccode\u003eauth\u003c/code\u003e backend will no longer contain an \u003ccode\u003eent\u003c/code\u003e claim - the one with the user's ownership entity refs. This means that tokens issued in large orgs no longer risk hitting HTTP header size limits.\u003c/p\u003e\n\u003cp\u003eTo get ownership info for the current user, code should use the \u003ccode\u003euserInfo\u003c/code\u003e core service. In practice code will typically already conform to this since the \u003ccode\u003eent\u003c/code\u003e claim has not been readily exposed in any other way for quite some time. But code which explicitly decodes Backstage tokens - which is strongly discouraged - may be affected by this change.\u003c/p\u003e\n\u003cp\u003eThe setting will remain for some time to allow it to be set back to \u003ccode\u003efalse\u003c/code\u003e if need be, but it will be removed entirely in a future release.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e482ceed: Migrated from \u003ccode\u003eassertError\u003c/code\u003e to \u003ccode\u003etoError\u003c/code\u003e for error handling.\u003c/li\u003e\n\u003cli\u003edc87ac1: Fixed CIMD redirect URI matching to allow any port for localhost addresses per RFC 8252 Section 7.3. Native CLI clients use ephemeral ports for OAuth callbacks, which are now accepted when the registered redirect URI uses a localhost address.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/backend-plugin-api\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.9.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-auth-node\u003c/code\u003e\u003ca href=\"https://github.com/0\"\u003e\u003ccode\u003e@​0\u003c/code\u003e\u003c/a\u003e.7.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/catalog-model\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.8.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/plugin-catalog-node\u003c/code\u003e\u003ca href=\"https://github.com/2\"\u003e\u003ccode\u003e@​2\u003c/code\u003e\u003c/a\u003e.2.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.28.0-next.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/backstage/backstage/commits/HEAD/plugins/auth-backend\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.23.3 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@backstage/integration` from 1.13.0 to 1.20.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/backstage/backstage/blob/master/packages/integration/CHANGELOG.md\"\u003e@​backstage/integration's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e\u003ccode\u003e@​backstage/integration\u003c/code\u003e\u003c/h1\u003e\n\u003ch2\u003e2.0.2-next.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e6b112d3: Fixed two issues in the GitLab integration's fetch behavior:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe internal fetch wrapper was passing \u003ccode\u003emode: 'same-origin'\u003c/code\u003e on every request. This had no practical effect server-side, but would have caused cross-origin requests to be rejected when the integration is used from a browser. Requests now use the default fetch mode and work correctly in both browser and Node environments.\u003c/li\u003e\n\u003cli\u003eWhen retries are configured, transient network errors (such as dropped connections or DNS hiccups) are now retried using the same \u003ccode\u003emaxRetries\u003c/code\u003e and exponential delay as retryable HTTP status codes. Previously, a thrown fetch error would propagate immediately on the first failure regardless of the retry configuration. Caller-initiated aborts continue to surface immediately without being retried.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.2-next.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eb62781f: Moved \u003ccode\u003eregisterMswTestHooks\u003c/code\u003e to test files.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.1-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.8-next.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed112499: Fixed \u003ccode\u003eSingleInstanceGithubCredentialsProvider\u003c/code\u003e to return app credentials when \u003ccode\u003egetCredentials\u003c/code\u003e is called with a bare host URL (e.g. \u003ccode\u003ehttps://github.com\u003c/code\u003e) instead of falling back to a personal access token.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.7\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.1-next.0\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed112499: Fixed \u003ccode\u003eSingleInstanceGithubCredentialsProvider\u003c/code\u003e to return app credentials when \u003ccode\u003egetCredentials\u003c/code\u003e is called with a bare host URL (e.g. \u003ccode\u003ehttps://github.com\u003c/code\u003e) instead of falling back to a personal access token.\u003c/li\u003e\n\u003cli\u003eUpdated dependencies\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/errors\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.0-next.0\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e@​backstage/config\u003c/code\u003e\u003ca href=\"https://github.com/1\"\u003e\u003ccode\u003e@​1\u003c/code\u003e\u003c/a\u003e.3.7-next.0\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e2.0.0\u003c/h2\u003e\n\u003ch3\u003eMajor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e527cf88: \u003cstrong\u003eBREAKING\u003c/strong\u003e Removed deprecated Azure DevOps, Bitbucket, Gerrit and GitHub code:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFor Azure DevOps, the long deprecated \u003ccode\u003etoken\u003c/code\u003e string and \u003ccode\u003ecredential\u003c/code\u003e object have been removed from the \u003ccode\u003econfig.d.ts\u003c/code\u003e. Use the \u003ccode\u003ecredentials\u003c/code\u003e array object instead.\u003c/li\u003e\n\u003cli\u003eFor Bitbucket, the long deprecated \u003ccode\u003ebitbucket\u003c/code\u003e object has been removed from the \u003ccode\u003econfig.d.ts\u003c/code\u003e. Use the \u003ccode\u003ebitbucketCloud\u003c/code\u003e or \u003ccode\u003ebitbucketServer\u003c/code\u003e objects instead.\u003c/li\u003e\n\u003cli\u003eFor Gerrit, the \u003ccode\u003eparseGerritGitilesUrl\u003c/code\u003e function has been removed, use \u003ccode\u003eparseGitilesUrlRef\u003c/code\u003e instead. The \u003ccode\u003ebuildGerritGitilesArchiveUrl\u003c/code\u003e function has also been removed, use \u003ccode\u003ebuildGerritGitilesArchiveUrlFromLocation\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003eFor GitHub, the \u003ccode\u003egetGitHubRequestOptions\u003c/code\u003e function has been removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/c8a8aac2af9975fa1d7659adf7bb2cffcaf4e2fe\"\u003e\u003ccode\u003ec8a8aac\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/4aa43f62aa3806843dd24975af4d705d4b75a2eb\"\u003e\u003ccode\u003e4aa43f6\u003c/code\u003e\u003c/a\u003e chore(deps): update dependency cross-fetch to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/f577e1176fc55854ec1b6c26409b17cd498ca967\"\u003e\u003ccode\u003ef577e11\u003c/code\u003e\u003c/a\u003e Version Packages (next)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/11153a019d8c27cd321c82ead3dda484bb1822f8\"\u003e\u003ccode\u003e11153a0\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master' into entra-rename\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/ad7d38c4b68823cfff5c5ddadcc7050130573149\"\u003e\u003ccode\u003ead7d38c\u003c/code\u003e\u003c/a\u003e fix tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/243c655a68da03c094bed295d2e8072828b6df5e\"\u003e\u003ccode\u003e243c655\u003c/code\u003e\u003c/a\u003e Updated \u003ccode\u003eAzure Active Directory\u003c/code\u003e to \u003ccode\u003eEntra ID\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/8cdb8c2e40f24a59a2fc1aacdf60b8712446e0f8\"\u003e\u003ccode\u003e8cdb8c2\u003c/code\u003e\u003c/a\u003e Version Packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/e43d3eb1b722f116d6b2f371c42ae3305c371e88\"\u003e\u003ccode\u003ee43d3eb\u003c/code\u003e\u003c/a\u003e Version Packages (next)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/0b55f773a75125227c50a839b98b72053cb88b71\"\u003e\u003ccode\u003e0b55f77\u003c/code\u003e\u003c/a\u003e Removed some unused dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/backstage/backstage/commit/bea36177129a4e37c6d5de032266ed5d136b437f\"\u003e\u003ccode\u003ebea3617\u003c/code\u003e\u003c/a\u003e Version Packages (next)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/backstage/backstage/commits/v1.20.1/packages/integration\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.7.4 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.16.0 — May 2, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds support for the QUERY HTTP method and a new \u003ccode\u003eECONNREFUSED\u003c/code\u003e error constant, lands a substantial wave of HTTP, fetch, and XHR adapter bug fixes around redirects, aborts, headers, and timeouts, and welcomes 23 new contributors.\u003c/p\u003e\n\u003ch2\u003e⚠️ Notable Changes\u003c/h2\u003e\n\u003cp\u003eA handful of fixes in this release are either security-adjacent or change observable behaviour. Please review before upgrading:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFetch adapter now enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e and \u003ccode\u003emaxContentLength\u003c/code\u003e.\u003c/strong\u003e These limits were silently ignored on the fetch adapter prior to 1.16.0 — anyone relying on them as a safety net (DoS protection, accidental large uploads) had no protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy requests now preserve user-supplied \u003ccode\u003eHost\u003c/code\u003e headers.\u003c/strong\u003e Previously, the proxy path could overwrite a custom \u003ccode\u003eHost\u003c/code\u003e. Virtual-host-style routing through a proxy will now behave correctly. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBasic auth credentials embedded in URLs are now URL-decoded.\u003c/strong\u003e If you have percent-encoded credentials in a URL (e.g. \u003ccode\u003ehttps://user:p%40ss@host\u003c/code\u003e), the decoded value is what now goes on the wire. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eparseProtocol\u003c/code\u003e now strictly requires a colon in the protocol separator.\u003c/strong\u003e Strings that loosely parsed as protocols before may no longer match. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecated \u003ccode\u003eunescape()\u003c/code\u003e replaced with modern UTF-8 encoding.\u003c/strong\u003e Non-ASCII URL handling is now spec-correct; consumers depending on legacy \u003ccode\u003eunescape()\u003c/code\u003e quirks may see different output bytes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003etransformRequest\u003c/code\u003e input typing change was reverted.\u003c/strong\u003e The typing change introduced in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e was reverted in \u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e after follow-up review — net behavior is unchanged from 1.15.2. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eQUERY HTTP Method:\u003c/strong\u003e Added support for the QUERY HTTP method across adapters and type definitions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10802\"\u003e#10802\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eECONNREFUSED Error Constant:\u003c/strong\u003e Exposed \u003ccode\u003eECONNREFUSED\u003c/code\u003e as a constant on \u003ccode\u003eAxiosError\u003c/code\u003e so callers can match connection-refused failures without comparing string literals (closes \u003ca href=\"https://redirect.github.com/axios/axios/issues/6485\"\u003e#6485\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eEncode Helper Export:\u003c/strong\u003e Exported the internal \u003ccode\u003eencode\u003c/code\u003e helper from \u003ccode\u003ebuildURL\u003c/code\u003e so userland param serializers can reuse the same encoding logic that axios uses internally. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6897\"\u003e#6897\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Redirects \u0026amp; Headers:\u003c/strong\u003e Cleared stale headers when a redirect targets a no-proxy host, fixed the redirect listener chain so listeners no longer stack across hops, restored the missing \u003ccode\u003erequestDetails\u003c/code\u003e argument on \u003ccode\u003ebeforeRedirect\u003c/code\u003e, preserved user-supplied \u003ccode\u003eHost\u003c/code\u003e headers when forwarding through a proxy, and properly URL-decoded basic auth credentials. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10794\"\u003e#10794\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10800\"\u003e#10800\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6241\"\u003e#6241\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10822\"\u003e#10822\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter — Streams \u0026amp; Timeouts:\u003c/strong\u003e Preserved the partial response object on \u003ccode\u003eAxiosError\u003c/code\u003e when a stream is aborted after headers arrive, honoured the \u003ccode\u003etimeout\u003c/code\u003e option during the connect phase when redirects are disabled, and resolved an unsettled-promise hang when an aborted request was combined with compression and \u003ccode\u003emaxRedirects: 0\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10708\"\u003e#10708\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7149\"\u003e#7149\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Enforced \u003ccode\u003emaxBodyLength\u003c/code\u003e / \u003ccode\u003emaxContentLength\u003c/code\u003e in the fetch adapter, set the \u003ccode\u003eUser-Agent\u003c/code\u003e header to match the HTTP adapter, preserved the original abort reason instead of replacing it with a generic error, and deferred global access so importing the module no longer throws a \u003ccode\u003eTypeError\u003c/code\u003e in restricted environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10795\"\u003e#10795\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10772\"\u003e#10772\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10806\"\u003e#10806\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eXHR Adapter:\u003c/strong\u003e Unsubscribed the \u003ccode\u003ecancelToken\u003c/code\u003e and \u003ccode\u003eAbortSignal\u003c/code\u003e listeners on the error, timeout, and abort code paths to prevent leaked subscriptions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e Attached the parsed response to \u003ccode\u003eAxiosError\u003c/code\u003e when \u003ccode\u003eJSON.parse\u003c/code\u003e fails inside \u003ccode\u003edispatchRequest\u003c/code\u003e, prevented \u003ccode\u003esettle\u003c/code\u003e from emitting \u003ccode\u003eundefined\u003c/code\u003e error codes, and tightened the \u003ccode\u003eparseProtocol\u003c/code\u003e regex to require a colon in the protocol separator. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10724\"\u003e#10724\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes \u0026amp; Exports:\u003c/strong\u003e Aligned the CommonJS \u003ccode\u003eCancelToken\u003c/code\u003e typings with the ESM build, fixed a compiler error caused by \u003ccode\u003eRawAxiosHeaders\u003c/code\u003e, and re-exported \u003ccode\u003ecreate\u003c/code\u003e from the package index. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7414\"\u003e#7414\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6389\"\u003e#6389\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/6460\"\u003e#6460\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUTF-8 Encoding:\u003c/strong\u003e Replaced the deprecated \u003ccode\u003eunescape()\u003c/code\u003e call with a modern UTF-8 encoding implementation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7378\"\u003e#7378\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eMisc Cleanup:\u003c/strong\u003e Resolved a batch of small inconsistencies and gadget-level issues across the codebase. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRefactor — ES6 Modernisation:\u003c/strong\u003e Modernised the \u003ccode\u003eutils\u003c/code\u003e module and XHR adapter to use ES6 features, and tidied the multipart boundary error message. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Hardened the HTTP test server lifecycle to fix flaky \u003ccode\u003eFormData\u003c/code\u003e EPIPE failures, fixed Win32 platform support for the pipe tests, and corrected an incorrect test assumption. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10820\"\u003e#10820\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10791\"\u003e#10791\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10796\"\u003e#10796\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Documented \u003ccode\u003eparamsSerializer.encode\u003c/code\u003e for strict RFC 3986 query encoding, updated the \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions and configuration docs for ES2023, added timeout guidance to the README's first async example, and expanded notes around the recent type changes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10821\"\u003e#10821\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10782\"\u003e#10782\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10759\"\u003e#10759\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10804\"\u003e#10804\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eReverted:\u003c/strong\u003e Reverted the \u003ccode\u003etransformRequest\u003c/code\u003e input typing change from \u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e after follow-up review. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10745\"\u003e#10745\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10810\"\u003e#10810\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eactions/setup-node\u003c/code\u003e, the \u003ccode\u003egithub-actions\u003c/code\u003e group, and \u003ccode\u003epostcss\u003c/code\u003e (in \u003ccode\u003e/docs\u003c/code\u003e) to their latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10785\"\u003e#10785\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10813\"\u003e#10813\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10814\"\u003e#10814\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eRelease:\u003c/strong\u003e Updated changelog and packages, and prepared the 1.16.0 release. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10790\"\u003e#10790\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/singhankit001\"\u003e\u003ccode\u003e@​singhankit001\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10588\"\u003e#10588\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/cuiweixie\"\u003e\u003ccode\u003e@​cuiweixie\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7419\"\u003e#7419\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/iruizsalinas\"\u003e\u003ccode\u003e@​iruizsalinas\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10787\"\u003e#10787\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/MarcosNocetti\"\u003e\u003ccode\u003e@​MarcosNocetti\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10680\"\u003e#10680\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/deepview-autofix\"\u003e\u003ccode\u003e@​deepview-autofix\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10729\"\u003e#10729\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/df53d7dd99b202fb194217abd127ae6a630e70dc\"\u003e\u003ccode\u003edf53d7d\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.16.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10834\"\u003e#10834\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9d92bcd32639d1eea5b89f03ae45f248d3bb058e\"\u003e\u003ccode\u003e9d92bcd\u003c/code\u003e\u003c/a\u003e fix: gadgets and smaller issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10833\"\u003e#10833\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/5107ee69aee527b19eabaf80000ca65752135435\"\u003e\u003ccode\u003e5107ee6\u003c/code\u003e\u003c/a\u003e fix: prevent undefined error codes in settle (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7276\"\u003e#7276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e57349992f230b6b13e80613eb84302560aa5ba8\"\u003e\u003ccode\u003ee573499\u003c/code\u003e\u003c/a\u003e fix(fetch): defer global access in fetch adapter (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7260\"\u003e#7260\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ad68e1a484b50086af427f767bbd7d6e3aab7ac3\"\u003e\u003ccode\u003ead68e1a\u003c/code\u003e\u003c/a\u003e fix(http): honor timeout during connect without redirects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10819\"\u003e#10819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/2a51828213128691d2e37502b5eb2cf4965a737d\"\u003e\u003ccode\u003e2a51828\u003c/code\u003e\u003c/a\u003e fix(http): decode URL basic auth credentials (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10825\"\u003e#10825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0e8b6bbb542131bae9940618d84d5286255d4db1\"\u003e\u003ccode\u003e0e8b6bb\u003c/code\u003e\u003c/a\u003e fix(http): preserve user-supplied Host header when forwarding through a proxy...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/79f39e1d041dca87173226d0255f90eaf252564b\"\u003e\u003ccode\u003e79f39e1\u003c/code\u003e\u003c/a\u003e docs: document paramsSerializer.encode for strict RFC 3986 query encoding (\u003ca href=\"https://redirect.github.com/axios/axios/issues/1\"\u003e#1\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0fe3a5fc14829535e1d517c662d448e86c33438e\"\u003e\u003ccode\u003e0fe3a5f\u003c/code\u003e\u003c/a\u003e [Docs/Types] Update \u003ccode\u003eparseReviver\u003c/code\u003e TypeScript definitions for ES2023 and add ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/cd6737fd84bdb7caf2a319d3579573a49f9d238d\"\u003e\u003ccode\u003ecd6737f\u003c/code\u003e\u003c/a\u003e chore: matches the sibling responseStream.on(aborted) handler and added tests...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.7.4...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.2.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `handlebars` from 4.7.8 to 4.7.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/releases\"\u003ehandlebars's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2w6w-674q-4c4q\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-3mfm-83xf-c92r\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xhpv-hc6g-r9c6\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-xjpj-3mr7-gcpf\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-9cx6-37pm-9jff\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-2qvq-rjwj-gvw9\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-7rx3-28cr-v5wh\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\"\u003ehttps://github.com/handlebars-lang/handlebars.js/security/advisories/GHSA-442j-39wm-28r2\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md\"\u003ehandlebars's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.7.9 - March 26th, 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: enable shell mode for spawn to resolve Windows EINVAL issue - e0137c2\u003c/li\u003e\n\u003cli\u003efix type \u0026quot;RuntimeOptions\u0026quot; also accepting string partials - eab1d14\u003c/li\u003e\n\u003cli\u003efeat(types): set \u003ccode\u003ehash\u003c/code\u003e to be a \u003ccode\u003eRecord\u0026lt;string, any\u0026gt;\u003c/code\u003e - de4414d\u003c/li\u003e\n\u003cli\u003efix non-contiguous program indices - 4512766\u003c/li\u003e\n\u003cli\u003erefactor: rename i to startPartIndex - e497a35\u003c/li\u003e\n\u003cli\u003esecurity: fix security issues - 68d8df5\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/dce542c9a660048d31f0981ac8a45c08b919bddb\"\u003e\u003ccode\u003edce542c\u003c/code\u003e\u003c/a\u003e v4.7.9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8a41389ba5b2624b6f43a5463d8e2533b843a562\"\u003e\u003ccode\u003e8a41389\u003c/code\u003e\u003c/a\u003e Update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/68d8df5a88e0a26fe9e6084c5c6aaebe67b07da2\"\u003e\u003ccode\u003e68d8df5\u003c/code\u003e\u003c/a\u003e Fix security issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/b2a083136b11e1da9f0f47a11f749a9830a49328\"\u003e\u003ccode\u003eb2a0831\u003c/code\u003e\u003c/a\u003e Fix browser tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/9f98c1629834abf8de5a127caff8a2eab03d2c12\"\u003e\u003ccode\u003e9f98c16\u003c/code\u003e\u003c/a\u003e Fix release script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/45443b4290475dfb7cec32a85d344f12ab345eb9\"\u003e\u003ccode\u003e45443b4\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Improve partial indenting performance\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/8841a5f6d35096aee95d68e1e49636a4cb5c661e\"\u003e\u003ccode\u003e8841a5f\u003c/code\u003e\u003c/a\u003e Fix CI errors with linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e0137c26f2202593bca7cc25184e733e87d54709\"\u003e\u003ccode\u003ee0137c2\u003c/code\u003e\u003c/a\u003e fix: enable shell mode for spawn to resolve Windows EINVAL issue\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/e914d6037ffb0dd371f7e4823cdb019732ae66d7\"\u003e\u003ccode\u003ee914d60\u003c/code\u003e\u003c/a\u003e Improve rendering performance\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/handlebars-lang/handlebars.js/commit/7de4b41c344a5d702edca93d1841b59642fa32bd\"\u003e\u003ccode\u003e7de4b41\u003c/code\u003e\u003c/a\u003e Upgrade GitHub Actions checkout and setup-node on 4.x branch\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `immutable` from 3.8.2 to 3.8.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/releases\"\u003eimmutable's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.8.3\u003c/h2\u003e\n\u003cp\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md\"\u003eimmutable's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\nDates are formatted as YYYY-MM-DD.\u003c/p\u003e\n\u003ch2\u003eUnreleased\u003c/h2\u003e\n\u003ch2\u003e5.1.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in immutable\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate some files to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2125\"\u003eimmutable-js/immutable-js#2125\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eIterator.ts\u003c/li\u003e\n\u003cli\u003ePairSorting.ts\u003c/li\u003e\n\u003cli\u003etoJS.ts\u003c/li\u003e\n\u003cli\u003eMath.ts\u003c/li\u003e\n\u003cli\u003eHash.ts\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eExtract CollectionHelperMethods and convert to TS by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2131\"\u003eimmutable-js/immutable-js#2131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUse npm \u003ca href=\"https://docs.npmjs.com/trusted-publishers\"\u003etrusted publishing only\u003c/a\u003e to avoid token stealing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix/a11y issues by \u003ca href=\"https://github.com/lyannel\"\u003e\u003ccode\u003e@​lyannel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2136\"\u003eimmutable-js/immutable-js#2136\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDoc add Map.get signature update by \u003ca href=\"https://github.com/borracciaBlu\"\u003e\u003ccode\u003e@​borracciaBlu\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2138\"\u003eimmutable-js/immutable-js#2138\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(doc):minor-issues#2132 by \u003ca href=\"https://github.com/JayMeDotDot\"\u003e\u003ccode\u003e@​JayMeDotDot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2133\"\u003eimmutable-js/immutable-js#2133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix algolia search by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2135\"\u003eimmutable-js/immutable-js#2135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eTypo in OrderedMap by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2144\"\u003eimmutable-js/immutable-js#2144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Sort all imports and activate eslint import rule by \u003ca href=\"https://github.com/jdeniau\"\u003e\u003ccode\u003e@​jdeniau\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2119\"\u003eimmutable-js/immutable-js#2119\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.3\u003c/h2\u003e\n\u003ch3\u003eTypeScript\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: allow readonly map entry constructor by \u003ca href=\"https://github.com/septs\"\u003e\u003ccode\u003e@​septs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/pull/2123\"\u003eimmutable-js/immutable-js#2123\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cp\u003eThere has been a huge amount of changes in the documentation, mainly migrate from an autogenerated documentation from .d.ts file, to a proper documentation in markdown.\nThe playground has been included on nearly all method examples.\nWe added a page about browser extensions too: \u003ca href=\"https://immutable-js.com/browser-extension/\"\u003ehttps://immutable-js.com/browser-extension/\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eInternal\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/c4074256bf48ab372fdad2b3d47db89306a5211e\"\u003e\u003ccode\u003ec407425\u003c/code\u003e\u003c/a\u003e bump v3.8.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/c6ff68a47f1120ef5448179035c79fe9f5836f2a\"\u003e\u003ccode\u003ec6ff68a\u003c/code\u003e\u003c/a\u003e release script on 3.x branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/a675a6656416a7c73178b77de4eb198d4342dcd9\"\u003e\u003ccode\u003ea675a66\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/immutable-js/immutable-js/issues/2179\"\u003e#2179\u003c/a\u003e from immutable-js/port-patch-for-cve-2026-29063\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/immutable-js/immutable-js/commit/6e2cf1cfe6137e72dfa48fc2cfa8f4d399d113f9\"\u003e\u003ccode\u003e6e2cf1c\u003c/code\u003e\u003c/a\u003e Port patch for CVE 2026-29063 onto branch 3.x\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/immutable-js/immutable-js/compare/v3.8.2...v3.8.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for immutable since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob patte...\n\n_Description has been truncated_","html_url":"https://github.com/dfinity/dre/pull/2008","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/dfinity%2Fdre/issues/2008","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2008/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-10T17:25:17.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4416306692","node_id":"PR_kwDOHZegI87aBhUF","number":26,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-10T17:25:17.000Z","updated_at":"2026-05-14T06:25:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.27.1","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.8.0","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.99.9","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.27.1` | `7.29.4` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.8.0` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.9` | `5.106.2` |\n\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.27.1 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/129\"\u003efastify/fast-uri#129\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set permissions at workflow level by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/131\"\u003efastify/fast-uri#131\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: set workflow permissions to read-only by default by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/132\"\u003efastify/fast-uri#132\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): restore job level permissions by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/133\"\u003efastify/fast-uri#133\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.31.2 to 0.32.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/134\"\u003efastify/fast-uri#134\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): pin actions to commit-hash by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/135\"\u003efastify/fast-uri#135\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add node 24 to test matrix by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/136\"\u003efastify/fast-uri#136\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9\"\u003e\u003ccode\u003e919dd8e\u003c/code\u003e\u003c/a\u003e Bumped v3.1.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07\"\u003e\u003ccode\u003ec65ba57\u003c/code\u003e\u003c/a\u003e fixup: linting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293\"\u003e\u003ccode\u003e6c86c17\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796\"\u003e\u003ccode\u003ea95158a\u003c/code\u003e\u003c/a\u003e Handle malformed fragment decoding without throwing (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d\"\u003e\u003ccode\u003ecea547c\u003c/code\u003e\u003c/a\u003e Bumped v3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35\"\u003e\u003ccode\u003e876ce79\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0\"\u003e\u003ccode\u003edcdf690\u003c/code\u003e\u003c/a\u003e ci: add lock-threads workflow (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/169\"\u003e#169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c\"\u003e\u003ccode\u003ec860e65\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/167\"\u003e#167\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f\"\u003e\u003ccode\u003e9b4c6dc\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (\u003ca href=\"https://redirect.github.com/fastify/fast-uri/issues/166\"\u003e#166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24\"\u003e\u003ccode\u003e85d09a9\u003c/code\u003e\u003c/a\u003e build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.0.6...v3.1.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.8.0 to 2.8.4\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c66303375493c68c42d68e363e50b1753771\"\u003e\u003ccode\u003ed9b4c66\u003c/code\u003e\u003c/a\u003e v6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/cb41a545a32422ad3044584d3c4fa8f953552605\"\u003e\u003ccode\u003ecb41a54\u003c/code\u003e\u003c/a\u003e [New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/88e15636da953397262bd3014ab8b0d17d5c8039\"\u003e\u003ccode\u003e88e1563\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/9d441d270486c3cc77f17289a9e0921c0f742aff\"\u003e\u003ccode\u003e9d441d2\u003c/code\u003e\u003c/a\u003e Merge backport release tags v6.0.6–v6.13.3 into main\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/85cc8cac6b444c9b4cb1172a151ac8fdee0a0301\"\u003e\u003ccode\u003e85cc8ca\u003c/code\u003e\u003c/a\u003e v6.12.5\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ljharb/qs/compare/v6.13.0...v6.15.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 2.79.2 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `underscore` from 1.12.1 to 1.13.6\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/bd2d35c87620a7da36250a006c97fdae89f4902d\"\u003e\u003ccode\u003ebd2d35c\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'upstream/master'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2e7c0f2841f5d2d0172ee42a762193898a663e30\"\u003e\u003ccode\u003e2e7c0f2\u003c/code\u003e\u003c/a\u003e Update generated files, tag 1.13.6 release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/732cafe9f580b6ee8fcb2102fe1babb65b29b810\"\u003e\u003ccode\u003e732cafe\u003c/code\u003e\u003c/a\u003e Underscore 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/e8f86fb4c670ff00abade85064c4a9cf4456fbbd\"\u003e\u003ccode\u003ee8f86fb\u003c/code\u003e\u003c/a\u003e Add changelog entry for versioin 1.13.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/43e827a166f3bdff061e0372dec73f42e6a225e1\"\u003e\u003ccode\u003e43e827a\u003c/code\u003e\u003c/a\u003e Bump the version to 1.13.6 (hotfix)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/1c1d1a278a8c617c3be052cafcb1717910e0e64a\"\u003e\u003ccode\u003e1c1d1a2\u003c/code\u003e\u003c/a\u003e Remove patch-package postinstall script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/4eb6894351edf20d589d2c2df7f20befeaf4a3e8\"\u003e\u003ccode\u003e4eb6894\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/jashkenas/underscore/issues/2974\"\u003e#2974\u003c/a\u003e from paulsmithkc/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/2edcdc18b64db878b887a6047300e724995481e4\"\u003e\u003ccode\u003e2edcdc1\u003c/code\u003e\u003c/a\u003e Hostfix for broken builds\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/66ee70d746399b3446a700492bc62f4117d4a21b\"\u003e\u003ccode\u003e66ee70d\u003c/code\u003e\u003c/a\u003e Verify that production and doc builds still work in CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jashkenas/underscore/commit/68e5eb68635548846b4663479b9d0fc78d090b0a\"\u003e\u003ccode\u003e68e5eb6\u003c/code\u003e\u003c/a\u003e Update generated sources, tag 1.13.5 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jashkenas/underscore/compare/1.12.1...1.13.6\"\u003ecom...\n\n_Description has been truncated_","html_url":"https://github.com/GrantBirki/birki/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/GrantBirki%2Fbirki/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-09T19:51:48.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4413669631","node_id":"PR_kwDORrxkis7Z5sWb","number":9,"state":"open","title":"Bump the npm_and_yarn group across 8 directories with 27 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-09T19:51:48.000Z","updated_at":"2026-05-09T19:52:35.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":27,"packages":[{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"webpack","old_version":"5.99.5","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 2 updates in the /built-in-ai-extension directory: [ip-address](https://github.com/beaugunderson/ip-address) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 2 updates in the /built-in-ai-task-apis-polyfills directory: [ip-address](https://github.com/beaugunderson/ip-address) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 2 updates in the /prompt-api-polyfill directory: [ip-address](https://github.com/beaugunderson/ip-address) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 1 update in the /summarization-api-playground directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /summary-of-summaries directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 4 updates in the /toxic-review-warning directory: [picomatch](https://github.com/micromatch/picomatch), [svgo](https://github.com/svg/svgo), [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) and [tar-fs](https://github.com/mafintosh/tar-fs).\nBumps the npm_and_yarn group with 17 updates in the /weather-ai directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.5` | `5.106.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /webmcp-evals directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch) and [protobufjs](https://github.com/protobufjs/protobuf.js).\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15\"\u003e\u003ccode\u003ee0093e4\u003c/code\u003e\u003c/a\u003e Move to pnpm 11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15\"\u003e\u003ccode\u003ee0093e4\u003c/code\u003e\u003c/a\u003e Move to pnpm 11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ip-address` from 10.1.0 to 10.2.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/beaugunderson/ip-address/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/e0093e49bcf00347383a13e40bb1f67bc823ca15\"\u003e\u003ccode\u003ee0093e4\u003c/code\u003e\u003c/a\u003e Move to pnpm 11\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/postcss/postcss/compare/8.5.8...8.5.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `protobufjs` from 7.5.4 to 7.5.7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/releases\"\u003eprotobufjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eprotobufjs: v7.5.7\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eprotobufjs: v7.5.6\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.5.5\u003c/h2\u003e\n\u003cp\u003eThis release backports two reported security issues to 7.x branch.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: do not allow setting \u003ccode\u003e__proto__\u003c/code\u003e in Message constructor (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2126\"\u003e#2126\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\"\u003ehttps://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.5\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.7/CHANGELOG.md\"\u003eprotobufjs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.6...protobufjs-v7.5.7\"\u003e7.5.7\u003c/a\u003e (2026-05-09)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRestore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003ecc7d595\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.5...protobufjs-v7.5.6\"\u003e7.5.6\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e) (\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e75392ea\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e88fcea1635f79c414e8a070e164d38ea99e104a\"\u003e\u003ccode\u003ee88fcea\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2239\"\u003e#2239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/cc7d59559d4e8c533a35218310c67f4a5dda54f5\"\u003e\u003ccode\u003ecc7d595\u003c/code\u003e\u003c/a\u003e fix: Restore first-match namespace lookup (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2236\"\u003e#2236\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/3abc9b54d67a7102785c6dfd8bf6610f545d445b\"\u003e\u003ccode\u003e3abc9b5\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2190\"\u003e#2190\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/a0bf2dfdd8a75aa62ce5a1ff47a52b9b8f1ea793\"\u003e\u003ccode\u003ea0bf2df\u003c/code\u003e\u003c/a\u003e fix: Update CLI peer dependency (7.x) (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2189\"\u003e#2189\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/2189e5beeca6a70e4c104dfdb9fb8200bc5f81fe\"\u003e\u003ccode\u003e2189e5b\u003c/code\u003e\u003c/a\u003e chore: release protobufjs-v7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2174\"\u003e#2174\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/75392ea1b78bdc4faba027b5db44ad7c50e9c454\"\u003e\u003ccode\u003e75392ea\u003c/code\u003e\u003c/a\u003e fix: Backport input hardening and CLI fixes to 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2173\"\u003e#2173\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/8af8d7c0e9800879625f7d0d4a7fb51beb4410cd\"\u003e\u003ccode\u003e8af8d7c\u003c/code\u003e\u003c/a\u003e chore(ci): Fix 7.x release please configuration (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2169\"\u003e#2169\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/e92ca42244ad67203b48d836290062dae037ead6\"\u003e\u003ccode\u003ee92ca42\u003c/code\u003e\u003c/a\u003e chore(ci): Enable release-please for 7.x (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2166\"\u003e#2166\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/b7bdfaf91d7bf279326f2d043b633da0a2dbfe47\"\u003e\u003ccode\u003eb7bdfaf\u003c/code\u003e\u003c/a\u003e chore: release 7.5.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956\"\u003e\u003ccode\u003eff7b2af\u003c/code\u003e\u003c/a\u003e fix: filter invalid characters from the type name (\u003ca href=\"https://redirect.github.com/protobufjs/protobuf.js/issues/2127\"\u003e#2127\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/protobufjs/protobuf.js/compare/protobufjs-v7.5.4...protobufjs-v7.5.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for protobufjs since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.5.8 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/3ec13948ae0006e1bde2dfb545346341ac8b2dcf\"\u003e\u003ccode\u003e3ec1394\u003c/code\u003e\u003c/a\u003e Release 8.5.14 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f2bb827b20b591080977412555aa3e5baf588620\"\u003e\u003ccode\u003ef2bb827\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d75953d60854ad835fd21dde0b11081522341020\"\u003e\u003ccode\u003ed75953d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/postcss/postcss/issues/2084\"\u003e#2084\u003c/a\u003e from 43081j/raw-raws-rawing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/68bd2139b5dcaf5a682bc2e8826d8557be2d1480\"\u003e\u003ccode\u003e68bd213\u003c/code\u003e\u003c/a\u003e fix: always call \u003ccode\u003eraw\u003c/code\u003e to retrieve raw values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/af58cf1b7af02e9b9fcb138a4a2d7ef3450158b1\"\u003e\u003ccode\u003eaf58cf1\u003c/code\u003e\u003c/a\u003e Release 8.5.13 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/f227dbd0e9443e5f33e18e633b8b4d2b55aac5ee\"\u003e\u003ccode\u003ef227dbd\u003c/code\u003e\u003c/a\u003e Temporary ignore pnpm 11 config\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/d3abd40d723cf3559e5ddb5fc738b7cb64e92bb0\"\u003e\u003ccode\u003ed3abd40\u003c/code\u003e\u003c/a\u003e Update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/dd06c3e11362087bc18f9c20cee30fd82bda3de9\"\u003e\u003ccode\u003edd06c3e\u003c/code\u003e\u003c/a\u003e Revert stringifier changes because of the conflict with postcss-scss\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/postcss/postcss/commit/ae889c815fb88d785401a88f1a7dfc8cb11915fb\"\u003e\u003ccode\u003eae889c8\u003c/code\u003e\u003c/a\u003e Try to fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=...\n\n_Description has been truncated_","html_url":"https://github.com/danielbodnar/web-ai-demos/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2Fweb-ai-demos/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-09T19:47:46.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4413661450","node_id":"PR_kwDORrxkis7Z5qyt","number":6,"state":"closed","title":"Bump the npm_and_yarn group across 5 directories with 25 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":"2026-05-09T19:48:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T19:47:46.000Z","updated_at":"2026-05-09T19:48:35.000Z","time_to_close":48,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":25,"packages":[{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"webpack","old_version":"5.99.5","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 1 update in the /summarization-api-playground directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 1 update in the /summary-of-summaries directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 2 updates in the /toxic-review-warning directory: [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) and [tar-fs](https://github.com/mafintosh/tar-fs).\nBumps the npm_and_yarn group with 17 updates in the /weather-ai directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.5` | `5.106.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /webmcp-evals directory: [protobufjs](https://github.com/protobufjs/protobuf.js), [brace-expansion](https://github.com/juliangruber/brace-expansion) and [minimatch](https://github.com/isaacs/minimatch).\n\nUpdates `vite` from 5.4.12 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.22.4 to 4.60.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.12 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.22.4 to 4.60.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 4.22.4 to 4.60.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `vite` from 5.4.11 to 6.4.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/releases\"\u003evite's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.2\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.1\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.1/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.0/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.7\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.7/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev6.3.6\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.21\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/v5.4.21/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003ch2\u003ev5.4.20\u003c/h2\u003e\n\u003cp\u003ePlease refer to \u003ca href=\"https://github.com/vitejs/vite/blob/ca88ed7398288ce0c60176ac9a6392f10654c67c/packages/vite/CHANGELOG.md\"\u003eCHANGELOG.md\u003c/a\u003e for details.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vitejs/vite/blob/v6.4.2/packages/vite/CHANGELOG.md\"\u003evite's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.2 (2026-04-06)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003efe28e47\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22159\"\u003e#22159\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22163\"\u003e#22163\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003eca4da5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/22161\"\u003e#22161\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.4.1 (2025-10-20)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e1114b5d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20968\"\u003e#20968\u003c/a\u003e \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20969\"\u003e#20969\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e6.4.0 (2025-10-15)\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003eca6455e\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20932\"\u003e#20932\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.7 (2025-10-14)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003ec59a222\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20940\"\u003e#20940\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.6 (2025-09-08)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: apply \u003ccode\u003efs.strict\u003c/code\u003e check to HTML files (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20736\"\u003e#20736\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/0ab19ea9fcb66f544328f442cf6e70f7c0528d5f\"\u003e0ab19ea\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20736\"\u003e#20736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: upgrade sirv to 3.0.2 (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20735\"\u003e#20735\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e11d24008b97d4ca731ecc1a3b95260a6d12e7e0\"\u003ee11d240\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20735\"\u003e#20735\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003etest: detect ts support via \u003ccode\u003eprocess.features\u003c/code\u003e (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20544\"\u003e#20544\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/7d9922972b62329d37a71d4da5a4a382d0bf8a79\"\u003e7d99229\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/20544\"\u003e#20544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.5 (2025-05-05)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(ssr): handle uninitialized export access as undefined (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19959\"\u003e#19959\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/fd38d076fe2455aac1e00a7b15cd51159bf12bb5\"\u003efd38d07\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19959\"\u003e#19959\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.4 (2025-04-30)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: check static serve file inside sirv (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19965\"\u003e#19965\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/c22c43de612eebb6c182dd67850c24e4fab8cacb\"\u003ec22c43d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19965\"\u003e#19965\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(optimizer): return plain object when using \u003ccode\u003erequire\u003c/code\u003e to import externals in optimized dependenci (\u003ca href=\"https://github.com/vitejs/vite/commit/efc5eab253419fde0a6a48b8d2f233063d6a9643\"\u003eefc5eab\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19940\"\u003e#19940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003erefactor: remove duplicate plugin context type (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19935\"\u003e#19935\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/d6d01c2292fa4f9603e05b95d81c8724314c20e0\"\u003ed6d01c2\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19935\"\u003e#19935\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003c!-- raw HTML omitted --\u003e6.3.3 (2025-04-24)\u003c!-- raw HTML omitted --\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: ignore malformed uris in tranform middleware (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/19853\"\u003e#19853\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/commit/e4d520141bcd83ad61f16767348b4a813bf9340a\"\u003ee4d5201\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/vitejs/vite/issues/19853\"\u003e#19853\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/6b3fad02abd550bd7b79934ff92c58dbd7f33045\"\u003e\u003ccode\u003e6b3fad0\u003c/code\u003e\u003c/a\u003e release: v6.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca4da5d1fb45c9cfdce606aa30825095791b164b\"\u003e\u003ccode\u003eca4da5d\u003c/code\u003e\u003c/a\u003e fix: avoid path traversal with optimize deps sourcemap handler (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22161\"\u003e#22161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/fe28e47e9463e4c9619f94bfa06d2f8f1411b44b\"\u003e\u003ccode\u003efe28e47\u003c/code\u003e\u003c/a\u003e fix: apply server.fs check to env transport (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22159\"\u003e#22159\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/22163\"\u003e#22163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/5487f4f641f70c47ea05fd101a4319897df048b3\"\u003e\u003ccode\u003e5487f4f\u003c/code\u003e\u003c/a\u003e release: v6.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/1114b5d7ea03e26572708715343bec69db4536e8\"\u003e\u003ccode\u003e1114b5d\u003c/code\u003e\u003c/a\u003e fix(dev): trim trailing slash before \u003ccode\u003eserver.fs.deny\u003c/code\u003e check (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20968\"\u003e#20968\u003c/a\u003e) (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20969\"\u003e#20969\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/f12697c0f64b9a37196b9ab218a0911829d5b103\"\u003e\u003ccode\u003ef12697c\u003c/code\u003e\u003c/a\u003e release: v6.4.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/ca6455ee9eb6111a9caa9810506a1b9ac96a520a\"\u003e\u003ccode\u003eca6455e\u003c/code\u003e\u003c/a\u003e feat: allow passing down resolved config to vite's createServer (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20932\"\u003e#20932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/0e173d83681daa31be10fa8a62d56b1ec84690af\"\u003e\u003ccode\u003e0e173d8\u003c/code\u003e\u003c/a\u003e release: v6.3.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/c59a222aa584c087cfe710173de1b9ecb597a3ff\"\u003e\u003ccode\u003ec59a222\u003c/code\u003e\u003c/a\u003e fix(esbuild): inject esbuild helpers correctly for esbuild 0.25.9+ (\u003ca href=\"https://github.com/vitejs/vite/tree/HEAD/packages/vite/issues/20940\"\u003e#20940\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitejs/vite/commit/3f337c5e24504e51188d29c970de1416ee523dbb\"\u003e\u003ccode\u003e3f337c5\u003c/code\u003e\u003c/a\u003e release: v6.3.6\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vitejs/vite/commits/v6.4.2/packages/vite\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for vite since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `esbuild` from 0.21.5 to 0.25.12\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/releases\"\u003eesbuild's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.25.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix a minification regression with CSS media queries (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous release introduced support for parsing media queries which unintentionally introduced a regression with the removal of duplicate media rules during minification. Specifically the grammar for \u003ccode\u003e@media \u0026lt;media-type\u0026gt; and \u0026lt;media-condition-without-or\u0026gt; { ... }\u003c/code\u003e was missing an equality check for the \u003ccode\u003e\u0026lt;media-condition-without-or\u0026gt;\u003c/code\u003e part, so rules with different suffix clauses in this position would incorrectly compare equal and be deduplicated. This release fixes the regression.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eUpdate the list of known JavaScript globals (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThis release updates esbuild's internal list of known JavaScript globals. These are globals that are known to not have side-effects when the property is accessed. For example, accessing the global \u003ccode\u003eArray\u003c/code\u003e property is considered to be side-effect free but accessing the global \u003ccode\u003escrollY\u003c/code\u003e property can trigger a layout, which is a side-effect. This is used by esbuild's tree-shaking to safely remove unused code that is known to be side-effect free. This update adds the following global properties:\u003c/p\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2017/\"\u003eES2017\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAtomics\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSharedArrayBuffer\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2020/\"\u003eES2020\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eBigInt64Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eBigUint64Array\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2021/\"\u003eES2021\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFinalizationRegistry\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eWeakRef\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFrom \u003ca href=\"https://tc39.es/ecma262/2025/\"\u003eES2025\u003c/a\u003e:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eFloat16Array\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eIterator\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eNote that this does not indicate that constructing any of these objects is side-effect free, just that accessing the identifier is side-effect free. For example, this now allows esbuild to tree-shake classes that extend from \u003ccode\u003eIterator\u003c/code\u003e:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e// This can now be tree-shaken by esbuild:\nclass ExampleIterator extends Iterator {}\n\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd support for the new \u003ccode\u003e@view-transition\u003c/code\u003e CSS rule (\u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4313\"\u003e#4313\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eWith this release, esbuild now has improved support for pretty-printing and minifying the new \u003ccode\u003e@view-transition\u003c/code\u003e rule (which esbuild was previously unaware of):\u003c/p\u003e\n\u003cpre lang=\"css\"\u003e\u003ccode\u003e/* Original code */\n@view-transition {\n  navigation: auto;\n  types: check;\n}\n\u003cp\u003e/* Old output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e { navigation: auto; types: check; }\u003c/p\u003e\n\u003cp\u003e/* New output */\u003cbr /\u003e\n\u003ca href=\"https://github.com/view-transition\"\u003e\u003ccode\u003e@​view-transition\u003c/code\u003e\u003c/a\u003e {\u003cbr /\u003e\nnavigation: auto;\u003cbr /\u003e\ntypes: check;\u003cbr /\u003e\n\u003c/code\u003e\u003c/pre\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md\"\u003eesbuild's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog: 2024\u003c/h1\u003e\n\u003cp\u003eThis changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).\u003c/p\u003e\n\u003ch2\u003e0.24.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eFix regression with \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003eimport.meta\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4010\"\u003e#4010\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4012\"\u003e#4012\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/evanw/esbuild/pull/4013\"\u003e#4013\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe previous change in version 0.24.1 to use a more expression-like parser for \u003ccode\u003edefine\u003c/code\u003e values to allow quoted property names introduced a regression that removed the ability to use \u003ccode\u003e--define:import.meta=...\u003c/code\u003e. Even though \u003ccode\u003eimport\u003c/code\u003e is normally a keyword that can't be used as an identifier, ES modules special-case the \u003ccode\u003eimport.meta\u003c/code\u003e expression to behave like an identifier anyway. This change fixes the regression.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/sapphi-red\"\u003e\u003ccode\u003e@​sapphi-red\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eAllow \u003ccode\u003ees2024\u003c/code\u003e as a target in \u003ccode\u003etsconfig.json\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4004\"\u003e#4004\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eTypeScript recently \u003ca href=\"https://devblogs.microsoft.com/typescript/announcing-typescript-5-7/#support-for---target-es2024-and---lib-es2024\"\u003eadded \u003ccode\u003ees2024\u003c/code\u003e\u003c/a\u003e as a compilation target, so esbuild now supports this in the \u003ccode\u003etarget\u003c/code\u003e field of \u003ccode\u003etsconfig.json\u003c/code\u003e files, such as in the following configuration file:\u003c/p\u003e\n\u003cpre lang=\"json\"\u003e\u003ccode\u003e{\n  \u0026quot;compilerOptions\u0026quot;: {\n    \u0026quot;target\u0026quot;: \u0026quot;ES2024\u0026quot;\n  }\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eAs a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in \u003ca href=\"https://esbuild.github.io/content-types/#tsconfig-json\"\u003ethe documentation\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThis fix was contributed by \u003ca href=\"https://github.com/billyjanitsch\"\u003e\u003ccode\u003e@​billyjanitsch\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow automatic semicolon insertion after \u003ccode\u003eget\u003c/code\u003e/\u003ccode\u003eset\u003c/code\u003e\u003c/p\u003e\n\u003cp\u003eThis change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:\u003c/p\u003e\n\u003cpre lang=\"ts\"\u003e\u003ccode\u003eclass Foo {\n  get\n  *x() {}\n  set\n  *y() {}\n}\n\u003c/code\u003e\u003c/pre\u003e\n\u003cp\u003eThe above code will be considered valid starting with this release. This change to esbuild follows a \u003ca href=\"https://redirect.github.com/microsoft/TypeScript/pull/60225\"\u003esimilar change to TypeScript\u003c/a\u003e which will allow this syntax starting with TypeScript 5.7.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAllow quoted property names in \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4008\"\u003e#4008\u003c/a\u003e)\u003c/p\u003e\n\u003cp\u003eThe \u003ccode\u003edefine\u003c/code\u003e and \u003ccode\u003epure\u003c/code\u003e API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes \u003ccode\u003e--define\u003c/code\u003e and \u003ccode\u003e--pure\u003c/code\u003e consistent with \u003ccode\u003e--global-name\u003c/code\u003e, which already supported quoted property names. For example, the following is now possible:\u003c/p\u003e\n\u003cpre lang=\"js\"\u003e\u003ccode\u003e\u003c/code\u003e\u003c/pre\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/208f539945b145e7c9d6d844290f81c3fe5af320\"\u003e\u003ccode\u003e208f539\u003c/code\u003e\u003c/a\u003e publish 0.25.12 to npm\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/5f03afdd007f6626d4300afc7cbb5bf7c9554393\"\u003e\u003ccode\u003e5f03afd\u003c/code\u003e\u003c/a\u003e update release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/6b2ee78d7f273d7ed4c4bb08b516939b373bcd67\"\u003e\u003ccode\u003e6b2ee78\u003c/code\u003e\u003c/a\u003e minify: remove css rules containing empty \u003ccode\u003e:is()\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/f361debd61ffa0ae2d810fbe0e4c9d39183ed4c6\"\u003e\u003ccode\u003ef361deb\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/07aa646bb2fd9c5eb1de804edf9eae5bd1617637\"\u003e\u003ccode\u003e07aa646\u003c/code\u003e\u003c/a\u003e automatically mark \u0026quot;RegExp.escape()\u0026quot; calls as pure\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/9039c468258fd9a19eeaf5e05fd6a3d582b46d3a\"\u003e\u003ccode\u003e9039c46\u003c/code\u003e\u003c/a\u003e simplify some call expression checks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/188944dd946dd54d50bbe844dc22969b604589d0\"\u003e\u003ccode\u003e188944d\u003c/code\u003e\u003c/a\u003e add some additional known static methods\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/d3c67f9e94267d06337d2e2e0d837844d2cac6bd\"\u003e\u003ccode\u003ed3c67f9\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4310\"\u003e#4310\u003c/a\u003e: add \u003ccode\u003eIterator\u003c/code\u003e and other known globals\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/4a51f0b24d343d7ae5b7d5a3e5c3afce3f96a0f8\"\u003e\u003ccode\u003e4a51f0b\u003c/code\u003e\u003c/a\u003e fix: escape dev server breadcrumb hrefs properly (\u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4316\"\u003e#4316\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/evanw/esbuild/commit/26b29ed51ffe20730ffaf69921dbb53e27de464a\"\u003e\u003ccode\u003e26b29ed\u003c/code\u003e\u003c/a\u003e fix \u003ca href=\"https://redirect.github.com/evanw/esbuild/issues/4315\"\u003e#4315\u003c/a\u003e: \u003ccode\u003e@media\u003c/code\u003e deduplication bug edge case\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/evanw/esbuild/compare/v0.21.5...v0.25.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `postcss` from 8.4.49 to 8.5.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/releases\"\u003epostcss's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epostcss-scss\u003c/code\u003e commend regression.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed reading any file via user-generated CSS.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eopts.unsafeMap\u003c/code\u003e to disable checks.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed nested brackets parsing performance (by \u003ca href=\"https://github.com/offset\"\u003e\u003ccode\u003e@​offset\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed XSS via unescaped \u003ccode\u003e\u0026lt;/style\u0026gt;\u003c/code\u003e in non-bundler cases (by \u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSpeed up source map encoding paring in case of the error.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eProcessor#version\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImproved source map annotation cleaning performance (by CodeAnt AI).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003eContainerWithChildren\u003c/code\u003e type discriminating (by \u003ca href=\"https://github.com/Goodwine\"\u003e\u003ccode\u003e@​Goodwine\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003epackage.json\u003c/code\u003e→\u003ccode\u003eexports\u003c/code\u003e compatibility with some tools (by \u003ca href=\"https://github.com/JounQin\"\u003e\u003ccode\u003e@​JounQin\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed Parcel compatibility issue (by \u003ca href=\"https://github.com/git-sumitchaudhary\"\u003e\u003ccode\u003e@​git-sumitchaudhary\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded more details to \u003ccode\u003eUnknown word\u003c/code\u003e error (by \u003ca href=\"https://github.com/hiepxanh\"\u003e\u003ccode\u003e@​hiepxanh\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed types (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003cli\u003eFixed docs (by \u003ca href=\"https://github.com/catnipan\"\u003e\u003ccode\u003e@​catnipan\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed end position of rules with semicolon (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed backwards compatibility for complex cases (by \u003ca href=\"https://github.com/romainmenke\"\u003e\u003ccode\u003e@​romainmenke\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5 “Duke Alloces”\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003ePostCSS 8.5 brought API to work better with non-CSS sources like HTML, Vue.js/Svelte sources or CSS-in-JS.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/postcss/postcss/blob/main/CHANGELOG.md\"\u003epostcss's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e8.5.14\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed custom syntax regression (by \u003ca href=\"https://github.com/43081j\"\u003e\u003ccode\u003e@​43081j\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e8.5.13\u003c/h2\u003e...\n\n_Description has been truncated_","html_url":"https://github.com/danielbodnar/web-ai-demos/pull/6","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2Fweb-ai-demos/issues/6","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/6/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-09T01:29:47.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4410503783","node_id":"PR_kwDOOheLgc7Zvr47","number":37,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T07:39:28.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-09T01:29:47.000Z","updated_at":"2026-05-17T07:39:30.000Z","time_to_close":713381,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"fast-xml-parser","old_version":"4.4.1","new_version":"5.7.3","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"@babel/plugin-transform-modules-systemjs","old_version":"7.22.5","new_version":"7.29.4","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"aws-cdk-lib","old_version":"2.80.0","new_version":"2.189.1","repository_url":"https://github.com/aws/aws-cdk"},{"name":"form-data","old_version":"3.0.1","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"basic-ftp","old_version":"5.0.4","new_version":"5.3.1","repository_url":"https://github.com/patrickjuchli/basic-ftp"},{"name":"diff","old_version":"4.0.2","new_version":"4.0.4","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"path-to-regexp","old_version":"0.1.10","new_version":"1.9.0","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"flatted","old_version":"3.2.9","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"http-proxy-middleware","old_version":"2.0.7","new_version":"2.0.9","repository_url":"https://github.com/chimurai/http-proxy-middleware"},{"name":"immutable","old_version":"4.3.0","new_version":"4.3.8","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"ip-address","old_version":"9.0.5","new_version":"10.2.0","repository_url":"https://github.com/beaugunderson/ip-address"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"nanoid","old_version":"3.3.7","new_version":"3.3.12","repository_url":"https://github.com/ai/nanoid"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"svgo","old_version":"3.0.2","new_version":"3.3.3","repository_url":"https://github.com/svg/svgo"},{"name":"svgo","old_version":"2.8.0","new_version":"2.8.2","repository_url":"https://github.com/svg/svgo"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.94.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 21 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.4.1` | `5.7.3` |\n| [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) | `7.22.5` | `7.29.4` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [aws-cdk-lib](https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib) | `2.80.0` | `2.189.1` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` |\n| [basic-ftp](https://github.com/patrickjuchli/basic-ftp) | `5.0.4` | `5.3.1` |\n| [diff](https://github.com/kpdecker/jsdiff) | `4.0.2` | `4.0.4` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.10` | `1.9.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` |\n| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.7` | `2.0.9` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `4.3.0` | `4.3.8` |\n| [ip-address](https://github.com/beaugunderson/ip-address) | `9.0.5` | `10.2.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.12` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [svgo](https://github.com/svg/svgo) | `3.0.2` | `3.3.3` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.94.0` | `5.106.2` |\n\n\nUpdates `fast-xml-parser` from 4.4.1 to 5.7.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003efix minor old bugs and update builder\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ebackward compatibility for numerical external entity, fix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eupgrade \u003ccode\u003e@​nodable/entities\u003c/code\u003e and FXB\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to use entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNo API change\u003c/li\u003e\n\u003cli\u003eNo change in performance for basic usage\u003c/li\u003e\n\u003cli\u003eNo typing change\u003c/li\u003e\n\u003cli\u003eNo config change\u003c/li\u003e\n\u003cli\u003enew dependency\u003c/li\u003e\n\u003cli\u003ebreaking: error messages for entities might have been changed.\u003c/li\u003e\n\u003cli\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\"\u003ehttps://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.12...v5.6.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eperformance improvment, increase entity expansion default limit\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eincrease default entity explansion limit as many projects demand for that\u003c/li\u003e\n\u003c/ul\u003e\n\u003cpre\u003e\u003ccode\u003emaxEntitySize: 10000,\r\nmaxExpansionDepth: 10000,\r\nmaxTotalExpansions: Infinity,\r\nmaxExpandedLength: 100000,\r\nmaxEntityCount: 1000,\r\n\u003c/code\u003e\u003c/pre\u003e\n\u003cul\u003e\n\u003cli\u003eperformance improvement\n\u003cul\u003e\n\u003cli\u003ereduce calls to toString\u003c/li\u003e\n\u003cli\u003eearly return when entities are not present\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003efast-xml-parser's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003eNote: If you find missing information about particular minor version, that version must have been changed without any functional change in this library.\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003cp\u003eNote: Due to some last quick changes on v4, detail of v4.5.3 \u0026amp; v4.5.4 are not updated here. v4.5.4x is the last tag of v4 in github repository. I'm extremely sorry for the confusion\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.3 / 2006-05-05\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: alwaysCreateTextNode should create text node when attributes are present for self closing node\u003c/li\u003e\n\u003cli\u003efix stop node expression when ns prefix is removed (found by \u003ca href=\"https://github.com/iruizsalinas\"\u003eiruizsalinas\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate XML Builder to 1.1.7\u003c/li\u003e\n\u003cli\u003emark addEntity deprecated\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.2 / 2026-04-25\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eallow numerical external entity for backward compatibility\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/705\"\u003e#705\u003c/a\u003e: attributesGroupName working with preserveOrder\u003c/li\u003e\n\u003cli\u003efix \u003ca href=\"https://redirect.github.com/NaturalIntelligence/fast-xml-parser/issues/817\"\u003e#817\u003c/a\u003e: stackoverflow when tag expression is very long\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.1 / 2026-04-20\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix typo in CJS typing file\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.7.0 / 2026-04-17\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUse \u003ccode\u003e@nodable/entities\u003c/code\u003e v2.1.0\n\u003cul\u003e\n\u003cli\u003ebreaking changes\n\u003cul\u003e\n\u003cli\u003esingle entity scan. You're not allowed to user entity value to form another entity name.\u003c/li\u003e\n\u003cli\u003eyou cant add numeric external entity\u003c/li\u003e\n\u003cli\u003eentity error message when expantion limit is crossed might change\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003etypings are updated for new options related to process entity\u003c/li\u003e\n\u003cli\u003eplease follow documentation of \u003ccode\u003e@nodable/entities\u003c/code\u003e for more detail.\u003c/li\u003e\n\u003cli\u003eperformance\n\u003cul\u003e\n\u003cli\u003eif processEntities is false, then there should not be impact on performance.\u003c/li\u003e\n\u003cli\u003eif processEntities is true, but you dont pass entity decoder separately then performance may degrade by approx 8-10%\u003c/li\u003e\n\u003cli\u003eif processEntities is true, and you pass entity decoder separately\n\u003cul\u003e\n\u003cli\u003eif no entity then performance should be same as before\u003c/li\u003e\n\u003cli\u003eif there are entities then performance should be increased from past versions\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eignoreAttributes is not required to be set to set xml version for NCR entity value\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eupdate 'fast-xml-builder' to sanitize malicious CDATA and comment's content\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.6.0 / 2026-04-15\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003efix: entity replacement for numeric entities\u003c/li\u003e\n\u003cli\u003euse \u003ccode\u003e@​nodable/entities\u003c/code\u003e to replace entities\n\u003cul\u003e\n\u003cli\u003ethis may change some error messages related to entities expansion limit or inavlid use\u003c/li\u003e\n\u003cli\u003epost check would be exposed in future version\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.12 / 2026-04-13\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement: update path-expression-matcher\n\u003cul\u003e\n\u003cli\u003euse proxy pattern than Proxy class\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003e5.5.11 / 2026-04-08\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePerformance Improvement\n\u003cul\u003e\n\u003cli\u003eintegrate ExpressionSet for stopNodes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d6d80429b1d1f1420902e1cebac6fe7831ba0839\"\u003e\u003ccode\u003ed6d8042\u003c/code\u003e\u003c/a\u003e update to release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d2633709699520c514208ea70e31adb6d71ab0e8\"\u003e\u003ccode\u003ed263370\u003c/code\u003e\u003c/a\u003e remove dev dependency 'he'\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/f9c9a2c19f819ab6fe0856ef4e94d6aa28fe1eec\"\u003e\u003ccode\u003ef9c9a2c\u003c/code\u003e\u003c/a\u003e update builder to 1.1.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/b65da87028f943abf5698b96385eef21e39f983e\"\u003e\u003ccode\u003eb65da87\u003c/code\u003e\u003c/a\u003e update changelog and mark addEntity deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/c2ca631f99d4d7f66e0d48001741bc8784cfe966\"\u003e\u003ccode\u003ec2ca631\u003c/code\u003e\u003c/a\u003e update fxb\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/da7519163bfdc257e90be781a05af83840b330a8\"\u003e\u003ccode\u003eda75191\u003c/code\u003e\u003c/a\u003e fix stop node expression when ns prefix is removed\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/31bbc99adedcada7d52bc4745273e7d8b9824b31\"\u003e\u003ccode\u003e31bbc99\u003c/code\u003e\u003c/a\u003e fix: alwaysCreateTextNode should create text node when attributes are present...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/dab327a05acd4f62bba277fb924e2e751079eca0\"\u003e\u003ccode\u003edab327a\u003c/code\u003e\u003c/a\u003e remove unnecessary\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/ab04eeb91d3013d56c6a949cf45c17deaa3a0fc8\"\u003e\u003ccode\u003eab04eeb\u003c/code\u003e\u003c/a\u003e update docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/383cb3feee7f8181379f41836359e6b53379db5d\"\u003e\u003ccode\u003e383cb3f\u003c/code\u003e\u003c/a\u003e Revise security information for v6 release\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.4.1...v5.7.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/plugin-transform-modules-systemjs` from 7.22.5 to 7.29.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/plugin-transform-modules-systemjs's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.4 (2026-05-05)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-modules-systemjs\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17974\"\u003e#17974\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 1\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.3 (2026-04-30)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17923\"\u003e#17923\u003c/a\u003e Support flow extends bound (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-create-class-features-plugin\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-decorators\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17931\"\u003e#17931\u003c/a\u003e fix(decorators): replace super within all removed static elements (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-register\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17915\"\u003e#17915\u003c/a\u003e Fix thread synchronization issues in \u003ccode\u003e@babel/register\u003c/code\u003e (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-compat-data\u003c/code\u003e, \u003ccode\u003ebabel-plugin-bugfix-safari-rest-destructuring-rhs-array\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17788\"\u003e#17788\u003c/a\u003e Add bugfix plugin for Safari array rest destructuring bug (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:nail_care: Polish\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17782\"\u003e#17782\u003c/a\u003e Improve trailing comma comment handling (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:memo: Documentation\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17847\"\u003e#17847\u003c/a\u003e Replace npmjs.com links with npmx.dev (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:running_woman: Performance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helper-import-to-platform-api\u003c/code\u003e, \u003ccode\u003ebabel-plugin-proposal-import-wasm-source\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-json-modules\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17818\"\u003e#17818\u003c/a\u003e Load async Wasm and JSON imports in parallel (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 4\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eBabel Bot (\u003ca href=\"https://github.com/babel-bot\"\u003e\u003ccode\u003e@​babel-bot\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eNicolò Ribaudo (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a458f66074b97d54773db8159af673d23b26079b\"\u003e\u003ccode\u003ea458f66\u003c/code\u003e\u003c/a\u003e v7.29.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/32ebd5aaf2526ddd176fd6a3d1e3dc594abdc8d9\"\u003e\u003ccode\u003e32ebd5a\u003c/code\u003e\u003c/a\u003e [7.x backport]fix(systemjs): improve module string name support (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17974\"\u003e#17974\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/aa8394e454337d118ac3d40bfa3ee1a3cb3f3ed2\"\u003e\u003ccode\u003eaa8394e\u003c/code\u003e\u003c/a\u003e v7.29.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/0053db620c05acf0036f593b5aaf4e372daa79d0\"\u003e\u003ccode\u003e0053db6\u003c/code\u003e\u003c/a\u003e Update polyfill packages (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17727\"\u003e#17727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/61647ae2397c82c3c71f077b5ab109106a5cac0f\"\u003e\u003ccode\u003e61647ae\u003c/code\u003e\u003c/a\u003e v7.28.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/a177d551adba99773f4ff00ea9bf46550def6132\"\u003e\u003ccode\u003ea177d55\u003c/code\u003e\u003c/a\u003e [Babel 8] Use \u003ccode\u003et.traverseFast\u003c/code\u003e to replace some \u003ccode\u003epath.traverse\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17518\"\u003e#17518\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/eebd3a06021c13d335b5b0bd79734df3abbea678\"\u003e\u003ccode\u003eeebd3a0\u003c/code\u003e\u003c/a\u003e v7.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/317e332e650bc04907bc787ab79f930288a3e71e\"\u003e\u003ccode\u003e317e332\u003c/code\u003e\u003c/a\u003e Enforce node protocol import (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17207\"\u003e#17207\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/fdc0fb59e119ee0b38bced63867a344a5b4bc2f3\"\u003e\u003ccode\u003efdc0fb5\u003c/code\u003e\u003c/a\u003e [Babel 8] Bump nodejs requirements to \u003ccode\u003e^20.19.0 || \u0026gt;= 22.12.0\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17204\"\u003e#17204\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cd24cc07ef6558b7f6510f9177f6393c91b0549f\"\u003e\u003ccode\u003ecd24cc0\u003c/code\u003e\u003c/a\u003e chore: Update TS 5.7 (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs/issues/17053\"\u003e#17053\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.4/packages/babel-plugin-transform-modules-systemjs\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/plugin-transform-modules-systemjs\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `aws-cdk-lib` from 2.80.0 to 2.189.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-cdk/releases\"\u003eaws-cdk-lib's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.189.1\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecore:\u003c/strong\u003e implicit Aspect applications do not override custom Aspect applications (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34132\"\u003e#34132\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/b7f4bc7aee1d99b70e4d9d3cedea53e910ee37ef\"\u003eb7f4bc7\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eAlpha modules (2.189.1-alpha.0)\u003c/h2\u003e\n\u003ch2\u003ev2.189.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eapigatewayv2:\u003c/strong\u003e dualstack HTTP and WebSocket API (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34054\"\u003e#34054\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/eec900e90f38f34f896b22cf36cb225fc9c13cc8\"\u003eeec900e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate L1 CloudFormation resource definitions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34064\"\u003e#34064\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/9cb260266e92f45e40a19667e29ccf2decb3d2b8\"\u003e9cb2602\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock:\u003c/strong\u003e support Amazon Nova Reel 1.1 (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34070\"\u003e#34070\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/3da0c4d267dbb693ffc01b9fae69cebcb180cdec\"\u003e3da0c4d\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003esupport L2 constructs for Amazon S3 Tables (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33599\"\u003e#33599\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2e95252fecbb1fec9874fd5af4b4bd6449d50471\"\u003e2e95252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epipelines:\u003c/strong\u003e add \u003ccode\u003eV2\u003c/code\u003e pipeline type support in L3 construct (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34005\"\u003e#34005\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/994e95289b589596179553a5b9d7201155bd9ed1\"\u003e994e952\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33995\"\u003e#33995\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline:\u003c/strong\u003e replace account root principal with pipeline role in trust policy for cross-account actions (under feature flag) (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34074\"\u003e#34074\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2d901f4e7bb982221e1a48a13666939140109d5a\"\u003e2d901f4\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecustom-resources:\u003c/strong\u003e \u003ccode\u003eAwsCustomResource\u003c/code\u003e assumed role session name may contain invalid characters (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34016\"\u003e#34016\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/32b6b4d7fa99723efb667239fbe455ede43b92c6\"\u003e32b6b4d\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/23260\"\u003e#23260\u003c/a\u003e \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34011\"\u003e#34011\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003ch2\u003eAlpha modules (2.189.0-alpha.0)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eec2-alpha:\u003c/strong\u003e implement mapPublicIpOnLaunch prop in SubnetV2 (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34057\"\u003e#34057\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/836c5cf3e4c627f817e4dc8ed2af28a5bba54792\"\u003e836c5cf\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/32159\"\u003e#32159\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eamplify:\u003c/strong\u003e unable to re-run integ test due to missing \u003ccode\u003estatus\u003c/code\u003e field in \u003ccode\u003ecustomRule\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33973\"\u003e#33973\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/6638c08d56afe7ecc4f23cff4cf334b887001e5e\"\u003e6638c08\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33962\"\u003e#33962\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.188.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate L1 CloudFormation resource definitions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33980\"\u003e#33980\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/0923b5e82dd0c8da864f0c806f295fae270c22c1\"\u003e0923b5e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate L1 CloudFormation resource definitions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34029\"\u003e#34029\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/be6210f246b97befcdc9446862e991071738008d\"\u003ebe6210f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline:\u003c/strong\u003e add usePipelineRoleForActions field support in L2 (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33961\"\u003e#33961\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/d8bbc1c3f8479ab5031b8684364735b9a6c31fa2\"\u003ed8bbc1c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline-actions:\u003c/strong\u003e support \u003ccode\u003eECRBuildAndPublish\u003c/code\u003e action (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33375\"\u003e#33375\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c5cd679b2f979b9e51c7a071b18d930d3a475129\"\u003ec5cd679\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33376\"\u003e#33376\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecodepipeline-actions:\u003c/strong\u003e support \u003ccode\u003eInspectorEcrImageScanAction\u003c/code\u003e and \u003ccode\u003eInspectorSourceCodeScanAction\u003c/code\u003e actions (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33378\"\u003e#33378\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2dc8cc7f703ebcd61f2b5f4d20401a1ade788e7a\"\u003e2dc8cc7\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33377\"\u003e#33377\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ecognito:\u003c/strong\u003e v3.0 pre token generation trigger event (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33778\"\u003e#33778\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/ea1436f85d036bddb9a96dd54f02a639c3aab212\"\u003eea1436f\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33733\"\u003e#33733\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eevents-targets:\u003c/strong\u003e support ApiGatewayV2 HttpApi (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33864\"\u003e#33864\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/91a3076fb16369629a710ebc560c103a91c2ea20\"\u003e91a3076\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/26649\"\u003e#26649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ekinesisfirehose:\u003c/strong\u003e support S3 file extension format (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33776\"\u003e#33776\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/e314a9aa5d149704cc2abd30927a41d317a3ce6c\"\u003ee314a9a\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/32154\"\u003e#32154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003elogs-destinations:\u003c/strong\u003e support Amazon Data Firehose logs destination (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33683\"\u003e#33683\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/a8edf696e91c44cbda286889896464960dd03266\"\u003ea8edf69\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/32038\"\u003e#32038\u003c/a\u003e \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/24766\"\u003e#24766\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003epipelines:\u003c/strong\u003e actions can default to the pipeline service role instead of a newly created role (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33991\"\u003e#33991\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2ebc51e694e85aa0d8e0401dbb1fc1037298eda5\"\u003e2ebc51e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003erds:\u003c/strong\u003e engine lifecycle support (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33902\"\u003e#33902\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c0f8d293df157cd196e2bd9fb569374d0535f471\"\u003ec0f8d29\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/33859\"\u003e#33859\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/aws/aws-cdk/blob/main/CHANGELOG.v2.alpha.md\"\u003eaws-cdk-lib's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file. See \u003ca href=\"https://github.com/conventional-changelog/standard-version\"\u003estandard-version\u003c/a\u003e for commit guidelines.\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.252.0-alpha.0...v2.253.0-alpha.0\"\u003e2.253.0-alpha.0\u003c/a\u003e (2026-05-06)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e add OnlineEvaluationConfig and Evaluator L2 constructs (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37615\"\u003e#37615\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c13de04223e32272b0c6c6dd4e2fca8e300fafa8\"\u003ec13de04\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37614\"\u003e#37614\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eglue-alpha:\u003c/strong\u003e add extraPythonFiles support to PythonShellJob (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37130\"\u003e#37130\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/c9c6f9c1b7c12722d18a45bf8a02c09672f8720d\"\u003ec9c6f9c\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34448\"\u003e#34448\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e self-managed memory strategy validation throws on unresolved tokens (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37691\"\u003e#37691\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/79565376cdb642d821625fe10ae5916e7d2e64fe\"\u003e7956537\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37197\"\u003e#37197\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.251.0-alpha.0...v2.252.0-alpha.0\"\u003e2.252.0-alpha.0\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.250.0-alpha.0...v2.251.0-alpha.0\"\u003e2.251.0-alpha.0\u003c/a\u003e (2026-04-24)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e add L2 constructs for policy and policy engine  (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37238\"\u003e#37238\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/1e89e7e921a9946cb9c23f967c6b7a33a6048de4\"\u003e1e89e7e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e add observability configuration for Runtime (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36689\"\u003e#36689\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/34b43aabe2c3a946ba286812b402ce946222d820\"\u003e34b43aa\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36596\"\u003e#36596\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ebedrock-agentcore-alpha:\u003c/strong\u003e support No Authorization for AgentCore Gateway (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36610\"\u003e#36610\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/f20bd8e43700877f7166cdac3cd994876963bc67\"\u003ef20bd8e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003edsql-alpha:\u003c/strong\u003e initial L2 construct (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34599\"\u003e#34599\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/be1a45861a5138b6e397cf076e39dfe0a18d4e99\"\u003ebe1a458\u003c/a\u003e), closes \u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/34593\"\u003e#34593\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.249.0-alpha.0...v2.250.0-alpha.0\"\u003e2.250.0-alpha.0\u003c/a\u003e (2026-04-14)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.248.0-alpha.0...v2.249.0-alpha.0\"\u003e2.249.0-alpha.0\u003c/a\u003e (2026-04-10)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.247.0-alpha.0...v2.248.0-alpha.0\"\u003e2.248.0-alpha.0\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.246.0-alpha.0...v2.247.0-alpha.0\"\u003e2.247.0-alpha.0\u003c/a\u003e (2026-04-02)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003emediapackagev2-alpha:\u003c/strong\u003e new L2 construct (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/37279\"\u003e#37279\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/7debfb9c5e807fac5df6e9e0ea3097d72325ffbc\"\u003e7debfb9\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.245.0-alpha.0...v2.246.0-alpha.0\"\u003e2.246.0-alpha.0\u003c/a\u003e (2026-03-31)\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/aws/aws-cdk/compare/v2.244.0-alpha.0...v2.245.0-alpha.0\"\u003e2.245.0-alpha.0\u003c/a\u003e (2026-03-27)\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003es3tables-alpha:\u003c/strong\u003e add support for partition spec, sort order, and table properties (\u003ca href=\"https://redirect.github.com/aws/aws-cdk/issues/36811\"\u003e#36811\u003c/a\u003e) (\u003ca href=\"https://github.com/aws/aws-cdk/commit/2696cd16e8e2edc8d40f1443b9c87eb6171e5d1f\"\u003e2696cd1\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/e7432ee4f8ae6f4ba000b1c1833188dddeb15624\"\u003e\u003ccode\u003ee7432ee\u003c/code\u003e\u003c/a\u003e chore(release): 2.189.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/b7f4bc7aee1d99b70e4d9d3cedea53e910ee37ef\"\u003e\u003ccode\u003eb7f4bc7\u003c/code\u003e\u003c/a\u003e fix(core): implicit Aspect applications do not override custom Aspect applica...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/dcd077fb04f6900fd92e127d92a777cc38cdf932\"\u003e\u003ccode\u003edcd077f\u003c/code\u003e\u003c/a\u003e chore: update analytics metadata blueprints\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/b997bf125f0782d37fb8c99db0e0be09f4b10295\"\u003e\u003ccode\u003eb997bf1\u003c/code\u003e\u003c/a\u003e chore(release): 2.189.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/eec900e90f38f34f896b22cf36cb225fc9c13cc8\"\u003e\u003ccode\u003eeec900e\u003c/code\u003e\u003c/a\u003e feat(apigatewayv2): dualstack HTTP and WebSocket API (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34054\"\u003e#34054\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/9cb260266e92f45e40a19667e29ccf2decb3d2b8\"\u003e\u003ccode\u003e9cb2602\u003c/code\u003e\u003c/a\u003e feat: update L1 CloudFormation resource definitions (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34064\"\u003e#34064\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/2d901f4e7bb982221e1a48a13666939140109d5a\"\u003e\u003ccode\u003e2d901f4\u003c/code\u003e\u003c/a\u003e fix(codepipeline): replace account root principal with pipeline role in trust...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/3da0c4d267dbb693ffc01b9fae69cebcb180cdec\"\u003e\u003ccode\u003e3da0c4d\u003c/code\u003e\u003c/a\u003e feat(bedrock): support Amazon Nova Reel 1.1 (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34070\"\u003e#34070\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/b1e8879a800850efb130cb8aaaef596195de56f9\"\u003e\u003ccode\u003eb1e8879\u003c/code\u003e\u003c/a\u003e docs(pipelines): add link to developer guide on how to use docker drop-in rep...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/aws/aws-cdk/commit/1b98a41853c17dcce53c5bb7074011c8dd928fb3\"\u003e\u003ccode\u003e1b98a41\u003c/code\u003e\u003c/a\u003e docs(batch): add note on update fatgate compute environment (\u003ca href=\"https://github.com/aws/aws-cdk/tree/HEAD/packages/aws-cdk-lib/issues/34022\"\u003e#34022\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/aws/aws-cdk/commits/v2.189.1/packages/aws-cdk-lib\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `axios` from 1.8.4 to 1.13.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.6\u003c/h2\u003e\n\u003cp\u003eThis release focuses on platform compatibility, error handling improvements, and code quality maintenance.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native Blob Support:\u003c/strong\u003e Axios now includes support for React Native Blob objects. Thanks to \u003ca href=\"https://github.com/moh3n9595\"\u003e\u003ccode\u003e@​moh3n9595\u003c/code\u003e\u003c/a\u003e for the initial implementation. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/5764\"\u003e#5764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCode Quality:\u003c/strong\u003e Implemented prettier across the codebase and resolved associated formatting issues. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7385\"\u003e#7385\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eEnvironment Compatibility:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eFixed module exports for React Native and Browserify environments. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7386\"\u003e#7386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdded safe FormData detection for the WeChat Mini Program environment. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7324\"\u003e#7324\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eError Handling:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAxiosError.message is now correctly enumerable. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7392\"\u003e#7392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7403\"\u003e#7403\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Updated the development_dependencies group (5 updates). (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7432\"\u003e#7432\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eInfrastructure:\u003c/strong\u003e Migrated \u003ccode\u003e@​rollup/plugin-babel\u003c/code\u003e from v5.3.1 to v6.1.0. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7424\"\u003e#7424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Added missing JSDoc comments to utilities. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors! Thank you for helping improve the project:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Gudahtt\"\u003e\u003ccode\u003e@​Gudahtt\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7386\"\u003e#7386\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ybbus\"\u003e\u003ccode\u003e@​ybbus\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7392\"\u003e#7392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Shiwaangee\"\u003e\u003ccode\u003e@​Shiwaangee\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7324\"\u003e#7324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/skrtheboss\"\u003e\u003ccode\u003e@​skrtheboss\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7403\"\u003e#7403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Janaka66\"\u003e\u003ccode\u003e@​Janaka66\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moh3n9595\"\u003e\u003ccode\u003e@​moh3n9595\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/5764\"\u003e#5764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digital-wizard48\"\u003e\u003ccode\u003e@​digital-wizard48\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7424\"\u003e#7424\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cem\u003eFull Changelog: \u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.13.6\"\u003ev1.13.5...v1.13.6\u003c/a\u003e\u003c/em\u003e\u003c/p\u003e\n\u003ch2\u003ev1.13.5\u003c/h2\u003e\n\u003ch2\u003eRelease 1.13.5\u003c/h2\u003e\n\u003ch3\u003eHighlights\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eSecurity:\u003c/strong\u003e Fixed a potential \u003cstrong\u003eDenial of Service\u003c/strong\u003e issue involving the \u003ccode\u003e__proto__\u003c/code\u003e key in \u003ccode\u003emergeConfig\u003c/code\u003e. (PR \u003ca href=\"https://redirect.github.com/axios/axios/pull/7369\"\u003e#7369\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBug fix:\u003c/strong\u003e Resolved an issue where \u003ccode\u003eAxiosError\u003c/code\u003e could be missing the \u003ccode\u003estatus\u003c/code\u003e field on and after \u003cstrong\u003ev1.13.3\u003c/strong\u003e. (PR \u003ca href=\"https://redirect.github.com/axios/axios/pull/7368\"\u003e#7368\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanges\u003c/h3\u003e\n\u003ch4\u003eSecurity\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eFix Denial of Service via \u003ccode\u003e__proto__\u003c/code\u003e key in \u003ccode\u003emergeConfig\u003c/code\u003e. (PR \u003ca href=\"https://redirect.github.com/axios/axios/pull/7369\"\u003e#7369\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.13.6 - February 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release adds React Native Blob support, fixes several enumeration and export regressions, and patches FormData detection for WeChat Mini Program environments.\u003c/p\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eReact Native Blob Support:\u003c/strong\u003e Axios now correctly handles native Blob objects in React Native environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/5764\"\u003e#5764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAxiosError:\u003c/strong\u003e Fixed \u003ccode\u003eAxiosError.from\u003c/code\u003e not copying the \u003ccode\u003estatus\u003c/code\u003e field from the source error. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7403\"\u003e#7403\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eAxiosError:\u003c/strong\u003e Made the \u003ccode\u003emessage\u003c/code\u003e property enumerable so it appears in \u003ccode\u003eJSON.stringify\u003c/code\u003e output and \u003ccode\u003eObject.keys\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7392\"\u003e#7392\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFormData Detection:\u003c/strong\u003e Corrected safe FormData detection for WeChat Mini Program environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7324\"\u003e#7324\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eReact Native / Browserify Export:\u003c/strong\u003e Fixed broken module export that caused import failures in React Native and Browserify. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7386\"\u003e#7386\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Migrated \u003ccode\u003e@rollup/plugin-babel\u003c/code\u003e from v5 to v6 and bumped the development dependencies group. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7424\"\u003e#7424\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7432\"\u003e#7432\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/moh3n9595\"\u003e\u003ccode\u003e@​moh3n9595\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/5764\"\u003e#5764\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/skrtheboss\"\u003e\u003ccode\u003e@​skrtheboss\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7403\"\u003e#7403\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ybbus\"\u003e\u003ccode\u003e@​ybbus\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7392\"\u003e#7392\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Shiwaangee\"\u003e\u003ccode\u003e@​Shiwaangee\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7324\"\u003e#7324\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Gudahtt\"\u003e\u003ccode\u003e@​Gudahtt\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7386\"\u003e#7386\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.13.5...v1.13.6\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.13.5 - February 8, 2026\u003c/h2\u003e\n\u003cp\u003eThis release patches a prototype pollution denial-of-service vulnerability, fixes a missing \u003ccode\u003estatus\u003c/code\u003e field regression in \u003ccode\u003eAxiosError\u003c/code\u003e, adds interceptor ordering control, and introduces URL validation for \u003ccode\u003eisAbsoluteURL\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution (DoS):\u003c/strong\u003e Hardened \u003ccode\u003emergeConfig\u003c/code\u003e to ignore \u003ccode\u003e__proto__\u003c/code\u003e, \u003ccode\u003econstructor\u003c/code\u003e, and \u003ccode\u003eprototype\u003c/code\u003e keys, preventing denial-of-service via prototype pollution when merging user-supplied config. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7369\"\u003e#7369\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eisAbsoluteURL\u003c/code\u003e Validation:\u003c/strong\u003e Added input validation to \u003ccode\u003eisAbsoluteURL\u003c/code\u003e to handle malformed or unexpected input gracefully. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7326\"\u003e#7326\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/7108c8877f9dc05f7aba8beb2b9e522537f9a9a7\"\u003e\u003ccode\u003e7108c88\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.13.6 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7446\"\u003e#7446\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/20a0ba3c01174aa2ec441753fa1fe47f21d20491\"\u003e\u003ccode\u003e20a0ba3\u003c/code\u003e\u003c/a\u003e refactor(deps): migrate \u003ccode\u003e@​rollup/plugin-babel\u003c/code\u003e from v5.3.1 to v6.1.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7424\"\u003e#7424\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/885b4af6f5dd6ab7977b207fdf61a7e89af69e69\"\u003e\u003ccode\u003e885b4af\u003c/code\u003e\u003c/a\u003e feat: support react native blob objects (\u003ca href=\"https://redirect.github.com/axios/axios/issues/5764\"\u003e#5764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/00d97b9730f3d83e865d0f3ee33cba6290ba20ed\"\u003e\u003ccode\u003e00d97b9\u003c/code\u003e\u003c/a\u003e docs(utils): add missing JSDoc comments (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7427\"\u003e#7427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/9712548a49521580c8e692c367609b9f5e748d63\"\u003e\u003ccode\u003e9712548\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group across 1 directory w...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/d51accbea1faef6e3b74c7dfa636704a2332bfbb\"\u003e\u003ccode\u003ed51accb\u003c/code\u003e\u003c/a\u003e fix(core): copy status from source error in AxiosError.from (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7403\"\u003e#7403\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/3e30bbf1b33c8b6213c793eb0cf6b61b0edc72f1\"\u003e\u003ccode\u003e3e30bbf\u003c/code\u003e\u003c/a\u003e chore: fix publish to only run on v1 tags\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/672491db34b5575d2abb1c3f91382bc1f45ae7b7\"\u003e\u003ccode\u003e672491d\u003c/code\u003e\u003c/a\u003e fix: safe FormData detection for WeChat Mini Program (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7306\"\u003e#7306\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7324\"\u003e#7324\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/822e3e40b4f9287b5a787f5d1dfb3ae7f8a0faa3\"\u003e\u003ccode\u003e822e3e4\u003c/code\u003e\u003c/a\u003e fix: make AxiosError.message property enumerable (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7392\"\u003e#7392\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ef3711d1b3a3c1eb4f11dc43e8db38e9c5342448\"\u003e\u003ccode\u003eef3711d\u003c/code\u003e\u003c/a\u003e feat: implement prettier and fix all issues (\u003ca href=\"https://redirect.github.com/axios/axios/issues/7385\"\u003e#7385\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.8.4...v1.13.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.1 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enpmignore temporary build files (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emove util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emigrate from travis to GHA\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2\"\u003ev3.0.2\u003c/a\u003e - 2024-10-10\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79\"\u003e\u003ccode\u003e8fdb3bc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] clean up ignores \u003ca href=\"https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440\"\u003e\u003ccode\u003e3217b3d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: move util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e) \u003ca href=\"https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac\"\u003e\u003ccode\u003eedb555a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for form-data since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `basic-ftp` from 5.0.4 to 5.3.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/releases\"\u003ebasic-ftp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Memory leak described in \u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/250\"\u003e#250\u003c/a\u003e by \u003ca href=\"https://github.com/everhardt\"\u003e\u003ccode\u003e@​everhardt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/martijnimhoff\"\u003e\u003ccode\u003e@​martijnimhoff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/blob/master/CHANGELOG.md\"\u003ebasic-ftp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Protect against unbounded control response, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rpmf-866q-6p89\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Introduced an upper bound for total bytes of directory listing, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-rp42-5vxx-qpwr\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded: Option to increase the upper bound for total bytes of directory listing in Client constructor.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Improve control character rejection, fixes \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-6v7q-wjvx-w8wg\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Reject control character injection attempts using paths. See \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-chqc-8p9q-pq6q\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eChanged: Skip files with invalid name in downloadToDir. Fixes security vulnerability CVE-2026-27699, see \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\"\u003ehttps://github.com/patrickjuchli/basic-ftp/security/advisories/GHSA-5rq4-664w-9x2c\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded: Add the option to prevent the use of separate transfer host IPs when using PASV. (\u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/259\"\u003e#259\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.0.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed: Memory leak described in \u003ca href=\"https://redirect.github.com/patrickjuchli/basic-ftp/issues/250\"\u003e#250\u003c/a\u003e by \u003ca href=\"https://github.com/everhardt\"\u003e\u003ccode\u003e@​everhardt\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/martijnimhoff\"\u003e\u003ccode\u003e@​martijnimhoff\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/980371bb6057d78d479b5cfc18683392abd2c45f\"\u003e\u003ccode\u003e980371b\u003c/code\u003e\u003c/a\u003e Guard against unbounded control response\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/50827c73ca6c1d786c97276e47be8a33d0f2277d\"\u003e\u003ccode\u003e50827c7\u003c/code\u003e\u003c/a\u003e Adjust changelog to match release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/c9378a8ff73b96e89f17525266d648ce495286a6\"\u003e\u003ccode\u003ec9378a8\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/22abe4356782f499d97418f0a7a2c3bb02db72b7\"\u003e\u003ccode\u003e22abe43\u003c/code\u003e\u003c/a\u003e Update Github Actions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/0feaaec3d4394bb3470edd006df933d2b6e64689\"\u003e\u003ccode\u003e0feaaec\u003c/code\u003e\u003c/a\u003e Fix test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/6629d7d7abe9169543a8ff60a6dc32e6fe7cf91c\"\u003e\u003ccode\u003e6629d7d\u003c/code\u003e\u003c/a\u003e Improve error message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/9c3bf4f893470cd2418b54862eb9b609efc3d335\"\u003e\u003ccode\u003e9c3bf4f\u003c/code\u003e\u003c/a\u003e Set higher default value for max size of directory listing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/acd3942c81ac27caf998b0ed13f3ce85c0fc6320\"\u003e\u003ccode\u003eacd3942\u003c/code\u003e\u003c/a\u003e Bump version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/130442932b1ef27a550c915f231c07eae01e665a\"\u003e\u003ccode\u003e1304429\u003c/code\u003e\u003c/a\u003e Offer maxListingBytes as an option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/patrickjuchli/basic-ftp/commit/5cb5367e86d8a2991224fb2b82e4933d27c07904\"\u003e\u003ccode\u003e5cb5367\u003c/code\u003e\u003c/a\u003e Add bounded StringWriter\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/patrickjuchli/basic-ftp/compare/v5.0.4...v5.3.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~patrickjuchli\"\u003epatrickjuchli\u003c/a\u003e, a new releaser for basic-ftp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 4.0.2 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.4 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 4.0.2 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev4.0.3 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/f06f3e4cacad5955caf891a8a02c5bb1c954bcb5\"\u003e\u003ccode\u003ef06f3e4\u003c/code\u003e\u003c/a\u003e v4.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/0179a484ffaec7c8d5d6b69d8c3905473383de75\"\u003e\u003ccode\u003e0179a48\u003c/code\u003e\u003c/a\u003e v4.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4568cae5ae7646962bf3c5641907d1fb5af90683\"\u003e\u003ccode\u003e4568cae\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/4de0ffa13ad51db7a27567c2b870fb4e43f0814a\"\u003e\u003ccode\u003e4de0ffa\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v4.0.2...v4.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com...\n\n_Description has been truncated_","html_url":"https://github.com/reaphq/iam-identity-center-team/pull/37","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/reaphq%2Fiam-identity-center-team/issues/37","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/37/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-08T23:07:52.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4409958984","node_id":"PR_kwDOOkJiQ87Zt3OP","number":34,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 24 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-08T23:07:52.000Z","updated_at":"2026-05-09T18:00:47.234Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":24,"packages":[{"name":"axios","old_version":"1.9.0","new_version":"1.15.2","repository_url":"https://github.com/axios/axios"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"js-yaml","old_version":"4.1.0","new_version":"4.1.1","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"@xmldom/xmldom","old_version":"0.8.10","new_version":"0.8.13","repository_url":"https://github.com/xmldom/xmldom"},{"name":"ajv","old_version":"8.17.1","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"fast-uri","old_version":"3.0.6","new_version":"3.1.2","repository_url":"https://github.com/fastify/fast-uri"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"immutable","old_version":"5.1.1","new_version":"5.1.5","repository_url":"https://github.com/immutable-js/immutable-js"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.4","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"react-router","old_version":"7.5.3","new_version":"7.15.0","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"webpack","old_version":"5.99.7","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /client directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.9.0` | `1.15.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [@xmldom/xmldom](https://github.com/xmldom/xmldom) | `0.8.10` | `0.8.13` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.17.1` | `8.20.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [fast-uri](https://github.com/fastify/fast-uri) | `3.0.6` | `3.1.2` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [immutable](https://github.com/immutable-js/immutable-js) | `5.1.1` | `5.1.5` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.4` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.5.3` | `7.15.0` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.7` | `5.106.2` |\n\n\nUpdates `axios` from 1.9.0 to 1.15.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.15.1\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eLocation\u003c/code\u003e Request Header Type:\u003c/strong\u003e Adds \u003ccode\u003eLocation\u003c/code\u003e to \u003ccode\u003eCommonRequestHeadersList\u003c/code\u003e for accurate typing of redirect-aware requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7528\"\u003e#7528\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormData Handling:\u003c/strong\u003e Removes \u003ccode\u003eContent-Type\u003c/code\u003e when no boundary is present on \u003ccode\u003eFormData\u003c/code\u003e fetch requests, supports multi-select fields, cancels \u003ccode\u003erequest.body\u003c/code\u003e instead of the source stream on fetch abort, and fixes a recursion bug in form-data serialisation. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7314\"\u003e#7314\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10676\"\u003e#10676\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10702\"\u003e#10702\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10726\"\u003e#10726\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP Adapter:\u003c/strong\u003e Handles socket-only request errors without leaking keep-alive listeners. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10576\"\u003e#10576\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProgress Events:\u003c/strong\u003e Clamps \u003ccode\u003eloaded\u003c/code\u003e to \u003ccode\u003etotal\u003c/code\u003e for computable upload/download progress events. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7458\"\u003e#7458\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTypes:\u003c/strong\u003e Aligns \u003ccode\u003erunWhen\u003c/code\u003e type with the runtime behaviour in \u003ccode\u003eInterceptorManager\u003c/code\u003e and makes response header keys case-insensitive. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7529\"\u003e#7529\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10677\"\u003e#10677\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003ebuildFullPath\u003c/code\u003e:\u003c/strong\u003e Uses strict equality in the base/relative URL check. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7252\"\u003e#7252\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eAxiosURLSearchParams\u003c/code\u003e Regex:\u003c/strong\u003e Improves the regex used for param serialisation to avoid edge-case mismatches. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10736\"\u003e#10736\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eResilient Value Parsing:\u003c/strong\u003e Parses out header/config values instead of throwing on malformed input. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10687\"\u003e#10687\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.2 - April 21, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers prototype-pollution hardening for the Node HTTP adapter, adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e allowlist to mitigate SSRF via Unix domain sockets, fixes a keep-alive socket memory leak, and ships supply-chain hardening across CI and security docs.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003ePrototype Pollution Hardening (HTTP Adapter):\u003c/strong\u003e Hardened the Node HTTP adapter and \u003ccode\u003eresolveConfig\u003c/code\u003e/\u003ccode\u003emergeConfig\u003c/code\u003e/validator paths to read only own properties and use null-prototype config objects, preventing polluted \u003ccode\u003eauth\u003c/code\u003e, \u003ccode\u003ebaseURL\u003c/code\u003e, \u003ccode\u003esocketPath\u003c/code\u003e, \u003ccode\u003ebeforeRedirect\u003c/code\u003e, and \u003ccode\u003einsecureHTTPParser\u003c/code\u003e from influencing requests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSSRF via \u003ccode\u003esocketPath\u003c/code\u003e:\u003c/strong\u003e Rejects non-string \u003ccode\u003esocketPath\u003c/code\u003e values and adds an opt-in \u003ccode\u003eallowedSocketPaths\u003c/code\u003e config option to restrict permitted Unix domain socket paths, returning \u003ccode\u003eAxiosError\u003c/code\u003e \u003ccode\u003eERR_BAD_OPTION_VALUE\u003c/code\u003e on mismatch. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eSupply-chain Hardening:\u003c/strong\u003e Added \u003ccode\u003e.npmrc\u003c/code\u003e with \u003ccode\u003eignore-scripts=true\u003c/code\u003e, lockfile lint CI, non-blocking reproducible build diff, scoped CODEOWNERS, expanded \u003ccode\u003eSECURITY.md\u003c/code\u003e/\u003ccode\u003eTHREATMODEL.md\u003c/code\u003e with provenance verification (\u003ccode\u003enpm audit signatures\u003c/code\u003e), 60-day resolution policy, and maintainer incident-response runbook. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003eallowedSocketPaths\u003c/code\u003e Config Option:\u003c/strong\u003e New request config option (and TypeScript types) to allowlist Unix domain socket paths used by the Node http adapter; backwards compatible when unset. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eKeep-alive Socket Memory Leak:\u003c/strong\u003e Installs a single per-socket \u003ccode\u003eerror\u003c/code\u003e listener tracking the active request via \u003ccode\u003ekAxiosSocketListener\u003c/code\u003e/\u003ccode\u003ekAxiosCurrentReq\u003c/code\u003e, eliminating per-request listener accumulation, \u003ccode\u003eMaxListenersExceededWarning\u003c/code\u003e, and linear heap growth under concurrent or long-running keep-alive workloads (fixes \u003ca href=\"https://redirect.github.com/axios/axios/issues/10780\"\u003e#10780\u003c/a\u003e). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eChangelog:\u003c/strong\u003e Updated \u003ccode\u003eCHANGELOG.md\u003c/code\u003e with v1.15.1 release notes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.15.1...v1.15.2\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.15.1 - April 19, 2026\u003c/h2\u003e\n\u003cp\u003eThis release ships a coordinated set of security hardening fixes across headers, body/redirect limits, multipart handling, and XSRF/prototype-pollution vectors, alongside a broad sweep of bug fixes, test migrations, and threat-model documentation updates.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection Hardening:\u003c/strong\u003e Tightened validation and sanitisation across request header construction to close the header-injection attack surface. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10749\"\u003e#10749\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCRLF Stripping in Multipart Headers:\u003c/strong\u003e Correctly strips CR/LF from multipart header values to prevent injection via field names and filenames. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10758\"\u003e#10758\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003ePrototype Pollution / Auth Bypass:\u003c/strong\u003e Replaced unsafe \u003ccode\u003ein\u003c/code\u003e checks with \u003ccode\u003ehasOwnProperty\u003c/code\u003e to prevent authentication bypass via prototype pollution on config objects, with additional regression tests. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10761\"\u003e#10761\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10760\"\u003e#10760\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003ewithXSRFToken\u003c/code\u003e Truthy Bypass:\u003c/strong\u003e Short-circuits on any truthy non-boolean value, so an ambiguous config no longer silently leaks the XSRF token cross-origin. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003emaxBodyLength\u003c/code\u003e With Zero Redirects:\u003c/strong\u003e Enforces \u003ccode\u003emaxBodyLength\u003c/code\u003e even when \u003ccode\u003emaxRedirects\u003c/code\u003e is set to \u003ccode\u003e0\u003c/code\u003e, closing a bypass path for oversized request bodies. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10753\"\u003e#10753\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eStreamed Response \u003ccode\u003emaxContentLength\u003c/code\u003e Bypass:\u003c/strong\u003e Applies \u003ccode\u003emaxContentLength\u003c/code\u003e to streamed responses that previously bypassed the cap. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10754\"\u003e#10754\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eFollow-up CVE Completion:\u003c/strong\u003e Completes an earlier incomplete CVE fix to fully close the regression window. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10755\"\u003e#10755\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eAI-Based Docs Translations:\u003c/strong\u003e Initial scaffold for AI-assisted translations of the documentation site. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10705\"\u003e#10705\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/582934382e4e0e0bcb679c628071a4203e93cf57\"\u003e\u003ccode\u003e5829343\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.2 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10789\"\u003e#10789\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4709a48fa2717ba97f43f5432d48ca4e26c2d326\"\u003e\u003ccode\u003e4709a48\u003c/code\u003e\u003c/a\u003e fix: added fix for memory leak in sockets (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10788\"\u003e#10788\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/be3336014e01f9a4fc1f8aef15303cf7daaf58db\"\u003e\u003ccode\u003ebe33360\u003c/code\u003e\u003c/a\u003e chore: update changelog (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10781\"\u003e#10781\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/47915144662f2733e6c051bdcb895a8c8f0586aa\"\u003e\u003ccode\u003e4791514\u003c/code\u003e\u003c/a\u003e fix: more header pollutions (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10779\"\u003e#10779\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/6feafcff6c2dbafe206161c5d09e38e1d36af66f\"\u003e\u003ccode\u003e6feafcf\u003c/code\u003e\u003c/a\u003e fix: socket issue (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10777\"\u003e#10777\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/302e2739c602f00e323d4f3f5c79500647633a73\"\u003e\u003ccode\u003e302e273\u003c/code\u003e\u003c/a\u003e docs: update docs, add a couple actions etc (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10776\"\u003e#10776\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/ac42446be51300fe214ba3c6e40cc95f34fd6871\"\u003e\u003ccode\u003eac42446\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.1 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10767\"\u003e#10767\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/908f2206b6bfeff67236784abce85935698ac1d9\"\u003e\u003ccode\u003e908f220\u003c/code\u003e\u003c/a\u003e docs: update threatmodel (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10765\"\u003e#10765\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/f93f8155250c2e066205521eda05ae22983a1f6d\"\u003e\u003ccode\u003ef93f815\u003c/code\u003e\u003c/a\u003e docs: added docs around potential decompressions bomb (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10763\"\u003e#10763\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/1728aa1b15b8857f970611fd8983c06b423fc486\"\u003e\u003ccode\u003e1728aa1\u003c/code\u003e\u003c/a\u003e fix: short-circuits on any truthy non-boolean in withXSRFToken (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10762\"\u003e#10762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.9.0...v1.15.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 4.1.0 to 4.1.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@xmldom/xmldom` from 0.8.10 to 0.8.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/releases\"\u003e@​xmldom/xmldom's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.8.13\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e0.8.12\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/xmldom/xmldom/discussions/357\"\u003ehttps://github.com/xmldom/xmldom/discussions/357\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e0.8.11\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.11\"\u003e0.8.11\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate \u003ccode\u003eownerDocument\u003c/code\u003e when moving nodes between documents \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/933\"\u003e\u003ccode\u003e[#933](https://github.com/xmldom/xmldom/issues/933)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/932\"\u003e\u003ccode\u003e[#932](https://github.com/xmldom/xmldom/issues/932)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you, \u003ca href=\"https://github.com/shunkica\"\u003e\u003ccode\u003e@​shunkica\u003c/code\u003e\u003c/a\u003e, for your contributions\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md\"\u003e@​xmldom/xmldom's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.12...0.8.13\"\u003e0.8.13\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e (and \u003ccode\u003eNode.toString()\u003c/code\u003e, \u003ccode\u003eNodeList.toString()\u003c/code\u003e) now accept a \u003ccode\u003erequireWellFormed\u003c/code\u003e option (fourth argument, after \u003ccode\u003eisHtml\u003c/code\u003e and \u003ccode\u003enodeFilter\u003c/code\u003e). When \u003ccode\u003e{ requireWellFormed: true }\u003c/code\u003e is passed, the serializer throws \u003ccode\u003eInvalidStateError\u003c/code\u003e for injection-prone node content, preventing XML injection via attacker-controlled node data. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8\"\u003e\u003ccode\u003eGHSA-j759-j44w-7fr8\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx\"\u003e\u003ccode\u003eGHSA-x6wf-f3px-wcqx\u003c/code\u003e\u003c/a\u003e \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h\"\u003e\u003ccode\u003eGHSA-f6ww-3ggp-fr8h\u003c/code\u003e\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eComment: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e--\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eProcessingInstruction: throws when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e?\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eDocumentType: throws when \u003ccode\u003epublicId\u003c/code\u003e fails \u003ccode\u003ePubidLiteral\u003c/code\u003e, \u003ccode\u003esystemId\u003c/code\u003e fails \u003ccode\u003eSystemLiteral\u003c/code\u003e, or \u003ccode\u003einternalSubset\u003c/code\u003e contains \u003ccode\u003e]\u0026gt;\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eSecurity: DOM traversal operations (\u003ccode\u003eXMLSerializer.serializeToString()\u003c/code\u003e, \u003ccode\u003eNode.prototype.normalize()\u003c/code\u003e, \u003ccode\u003eNode.prototype.cloneNode(true)\u003c/code\u003e, \u003ccode\u003eDocument.prototype.importNode(node, true)\u003c/code\u003e, \u003ccode\u003enode.textContent\u003c/code\u003e getter, \u003ccode\u003egetElementsByTagName()\u003c/code\u003e / \u003ccode\u003egetElementsByTagNameNS()\u003c/code\u003e / \u003ccode\u003egetElementsByClassName()\u003c/code\u003e / \u003ccode\u003egetElementById()\u003c/code\u003e) are now iterative. Previously, deeply nested DOM trees would exhaust the JavaScript call stack and throw an unrecoverable \u003ccode\u003eRangeError\u003c/code\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw\"\u003e\u003ccode\u003eGHSA-2v35-w6hq-6mfw\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/Jvr2022\"\u003e\u003ccode\u003e@​Jvr2022\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/praveen-kv\"\u003e\u003ccode\u003e@​praveen-kv\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/TharVid\"\u003e\u003ccode\u003e@​TharVid\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/decsecre583\"\u003e\u003ccode\u003e@​decsecre583\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/tlsbollei\"\u003e\u003ccode\u003e@​tlsbollei\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/KarimTantawey\"\u003e\u003ccode\u003e@​KarimTantawey\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.9.8...0.9.9\"\u003e0.9.9\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimplement \u003ccode\u003eParentNode.children\u003c/code\u003e getter \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/960\"\u003e\u003ccode\u003e[#960](https://github.com/xmldom/xmldom/issues/960)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/410\"\u003e\u003ccode\u003e[#410](https://github.com/xmldom/xmldom/issues/410)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity: \u003ccode\u003ecreateCDATASection\u003c/code\u003e now throws \u003ccode\u003eInvalidCharacterError\u003c/code\u003e when \u003ccode\u003edata\u003c/code\u003e contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e, as required by the \u003ca href=\"https://dom.spec.whatwg.org/#dom-document-createcdatasection\"\u003eWHATWG DOM spec\u003c/a\u003e. \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSecurity: \u003ccode\u003eXMLSerializer\u003c/code\u003e now splits CDATASection nodes whose data contains \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (\u003ccode\u003eappendData\u003c/code\u003e, \u003ccode\u003ereplaceData\u003c/code\u003e, \u003ccode\u003e.data =\u003c/code\u003e, \u003ccode\u003e.textContent =\u003c/code\u003e). \u003ca href=\"https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp\"\u003e\u003ccode\u003eGHSA-wh4c-j3r5-mjhp\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ecorrectly traverse ancestor chain in \u003ccode\u003eNode.contains\u003c/code\u003e \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/931\"\u003e\u003ccode\u003e[#931](https://github.com/xmldom/xmldom/issues/931)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eCode that passes a string containing \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e to \u003ccode\u003ecreateCDATASection\u003c/code\u003e and relied on the previously unsafe behavior will now receive \u003ccode\u003eInvalidCharacterError\u003c/code\u003e. Use a mutation method such as \u003ccode\u003eappendData\u003c/code\u003e if you intentionally need \u003ccode\u003e\u0026quot;]]\u0026gt;\u0026quot;\u003c/code\u003e in a CDATASection node's data.\u003c/p\u003e\n\u003ch3\u003eChore\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdated dependencies\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eThank you,\n\u003ca href=\"https://github.com/stevenobiajulu\"\u003e\u003ccode\u003e@​stevenobiajulu\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/yoshi389111\"\u003e\u003ccode\u003e@​yoshi389111\u003c/code\u003e\u003c/a\u003e,\n\u003ca href=\"https://github.com/thesmartshadow\"\u003e\u003ccode\u003e@​thesmartshadow\u003c/code\u003e\u003c/a\u003e,\nfor your contributions\u003c/p\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12\"\u003e0.8.12\u003c/a\u003e\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003epreserve trailing whitespace in ProcessingInstruction data \u003ca href=\"https://redirect.github.com/xmldom/xmldom/pull/962\"\u003e\u003ccode\u003e[#962](https://github.com/xmldom/xmldom/issues/962)\u003c/code\u003e\u003c/a\u003e / \u003ca href=\"https://redirect.github.com/xmldom/xmldom/issues/42\"\u003e\u003ccode\u003e[#42](https://github.com/xmldom/xmldom/issues/42)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e5c14802592685bb872c042c54c3f73758875c85\"\u003e\u003ccode\u003ee5c1480\u003c/code\u003e\u003c/a\u003e 0.8.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/9611e20d75f059dc377f806a8f7ee7d1eaeaeb7c\"\u003e\u003ccode\u003e9611e20\u003c/code\u003e\u003c/a\u003e style: drop unused import in test file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/dc4dff3d1d0b5a6b97c52fcc1823a735b8821e62\"\u003e\u003ccode\u003edc4dff3\u003c/code\u003e\u003c/a\u003e docs: add 0.8.13 changelog entry\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/842fa38deedd2d9a9c90d0ad54aa1be75d2a41bc\"\u003e\u003ccode\u003e842fa38\u003c/code\u003e\u003c/a\u003e fix: prevent stack overflow in normalize (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/aeff69f5a32e8c1bd540683da9e10718f84f595c\"\u003e\u003ccode\u003eaeff69f\u003c/code\u003e\u003c/a\u003e test: add normalize behavioral coverage to node.test.js\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/cbdb0d7db8ae70760bd4cc181cb8f30bb0cd9d88\"\u003e\u003ccode\u003ecbdb0d7\u003c/code\u003e\u003c/a\u003e fix: make walkDOM iterative to prevent stack overflow (GHSA-2v35-w6hq-6mfw)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/0b543d31794dc198c86a0358574cb5dec29674c5\"\u003e\u003ccode\u003e0b543d3\u003c/code\u003e\u003c/a\u003e test: assert namespace declarations are isolated between siblings in serializ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/c007c51909587990c962cf3d5c2acadf4c897b87\"\u003e\u003ccode\u003ec007c51\u003c/code\u003e\u003c/a\u003e refactor: migrate serializeToString to walkDOM\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/2bb3899074820089d9e76ce28a5edfdacf425025\"\u003e\u003ccode\u003e2bb3899\u003c/code\u003e\u003c/a\u003e test: add serializeToString coverage for uncovered branches\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/xmldom/xmldom/commit/e69f38d0a58731152d300e8c8eb29506f5f488fe\"\u003e\u003ccode\u003ee69f38d\u003c/code\u003e\u003c/a\u003e refactor: migrate importNode to walkDOM\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/xmldom/xmldom/compare/0.8.10...0.8.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~karfau\"\u003ekarfau\u003c/a\u003e, a new releaser for \u003ccode\u003e@​xmldom/xmldom\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.17.1 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.20.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: add support for node 22/24, drop node 16/21 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2580\"\u003eajv-validator/ajv#2580\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add ES2022.RegExp for RegExpIndicesArray by \u003ca href=\"https://github.com/SignpostMarv\"\u003e\u003ccode\u003e@​SignpostMarv\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2604\"\u003eajv-validator/ajv#2604\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.19.0...v8.20.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix prototype pollution via format keyword using $data ref by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2607\"\u003eajv-validator/ajv#2607\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.18.0...v8.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/0fba0b8e649909613cfce0999b149cd08f4a4987\"\u003e\u003ccode\u003e0fba0b8\u003c/code\u003e\u003c/a\u003e 8.20.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9caf8d64409b05e2c670b3ff09cf7ca07937342e\"\u003e\u003ccode\u003e9caf8d6\u003c/code\u003e\u003c/a\u003e fix: add ES2022.RegExp for RegExpIndicesArray; fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2603\"\u003eajv-validator/ajv#2603\u003c/a\u003e (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/206535071f776f57737394c8896d4b2dc2bfb9a3\"\u003e\u003ccode\u003e2065350\u003c/code\u003e\u003c/a\u003e fix: add support for node 22/24, drop node 16/21 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2580\"\u003e#2580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/154b58d690c6596e09ca676e12720ab8234ee3d2\"\u003e\u003ccode\u003e154b58d\u003c/code\u003e\u003c/a\u003e 8.19.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e8d2bdc501b3ba6f03922db5e595770d4763d9da\"\u003e\u003ccode\u003ee8d2bdc\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2607\"\u003e#2607\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.20.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-uri` from 3.0.6 to 3.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/fastify/fast-uri/releases\"\u003efast-uri's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.2\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eHandle malformed fragment decoding as a parse error by \u003ca href=\"https://github.com/mcollina\"\u003e\u003ccode\u003e@​mcollina\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/171\"\u003efastify/fast-uri#171\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.1\u003c/h2\u003e\n\u003ch2\u003e⚠️ Security Release\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\"\u003ehttps://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebuild(deps-dev): bump tsd from 0.32.0 to 0.33.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/148\"\u003efastify/fast-uri#148\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/149\"\u003efastify/fast-uri#149\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(.npmrc): ignore scripts by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/150\"\u003efastify/fast-uri#150\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): remove \u003ccode\u003e@​fastify/pre-commit\u003c/code\u003e by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/151\"\u003efastify/fast-uri#151\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/152\"\u003efastify/fast-uri#152\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): add concurrency config by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/153\"\u003efastify/fast-uri#153\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/setup-node from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/154\"\u003efastify/fast-uri#154\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/checkout from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/156\"\u003efastify/fast-uri#156\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(license): standardise license notice by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/159\"\u003efastify/fast-uri#159\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003estyle: remove trailing whitespace by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/161\"\u003efastify/fast-uri#161\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: remove unused github files by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore: update readme by \u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/164\"\u003efastify/fast-uri#164\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/165\"\u003efastify/fast-uri#165\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/166\"\u003efastify/fast-uri#166\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/167\"\u003efastify/fast-uri#167\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: add lock-threads workflow by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/169\"\u003efastify/fast-uri#169\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Tony133\"\u003e\u003ccode\u003e@​Tony133\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/162\"\u003efastify/fast-uri#162\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\"\u003ehttps://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: remove master branch support by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/126\"\u003efastify/fast-uri#126\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(test) remove .gitkeep by \u003ca href=\"https://github.com/Fdawgs\"\u003e\u003ccode\u003e@​Fdawgs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/fastify/fast-uri/pull/128\"\u003efastify/fast-uri#128\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(ci): set job per...\n\n_Description has been truncated_","html_url":"https://github.com/realbrodiwhite/royalgamesclient/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/realbrodiwhite%2Froyalgamesclient/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-02T08:55:04.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4368496830","node_id":"PR_kwDOJKNMac7XnwO5","number":174,"state":"open","title":"chore(deps): bump the npm_and_yarn group across 2 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T08:55:04.000Z","updated_at":"2026-05-02T08:55:59.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"webpack","old_version":"5.88.2","new_version":"5.104.1","repository_url":"https://github.com/webpack/webpack"},{"name":"uuid","old_version":"9.0.1","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"@babel/helpers","old_version":"7.26.9","new_version":"7.29.2","repository_url":"https://github.com/babel/babel"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"base-x","old_version":"3.0.9","new_version":"3.0.11","repository_url":"https://github.com/cryptocoinjs/base-x"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"cipher-base","old_version":"1.0.4","new_version":"1.0.7","repository_url":"https://github.com/crypto-browserify/cipher-base"},{"name":"diff","old_version":"5.1.0","new_version":"5.2.2","repository_url":"https://github.com/kpdecker/jsdiff"},{"name":"fast-xml-parser","old_version":"4.5.3","new_version":"4.5.6","repository_url":"https://github.com/NaturalIntelligence/fast-xml-parser"},{"name":"flatted","old_version":"3.2.9","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.1","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"http-proxy-middleware","old_version":"2.0.6","new_version":"2.0.9","repository_url":"https://github.com/chimurai/http-proxy-middleware"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.17.23","repository_url":"https://github.com/lodash/lodash"},{"name":"multer","old_version":"1.4.5-lts.1","new_version":"1.4.5-lts.2","repository_url":"https://github.com/expressjs/multer"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"pbkdf2","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/browserify/pbkdf2"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"sha.js","old_version":"2.4.11","new_version":"2.4.12","repository_url":"https://github.com/crypto-browserify/sha.js"},{"name":"socket.io-parser","old_version":"4.2.4","new_version":"4.2.6","repository_url":"https://github.com/socketio/socket.io"},{"name":"tar-fs","old_version":"2.1.1","new_version":"2.1.4","repository_url":"https://github.com/mafintosh/tar-fs"},{"name":"webpack-dev-server","old_version":"4.15.1","new_version":"4.15.2","repository_url":"https://github.com/webpack/webpack-dev-server"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 27 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [webpack](https://github.com/webpack/webpack) | `5.88.2` | `5.104.1` |\n| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.26.9` | `7.29.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [base-x](https://github.com/cryptocoinjs/base-x) | `3.0.9` | `3.0.11` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [cipher-base](https://github.com/crypto-browserify/cipher-base) | `1.0.4` | `1.0.7` |\n| [diff](https://github.com/kpdecker/jsdiff) | `5.1.0` | `5.2.2` |\n| [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) | `4.5.3` | `4.5.6` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.2.9` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` |\n| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.6` | `2.0.9` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |\n| [multer](https://github.com/expressjs/multer) | `1.4.5-lts.1` | `1.4.5-lts.2` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [pbkdf2](https://github.com/browserify/pbkdf2) | `3.1.2` | `3.1.5` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [sha.js](https://github.com/crypto-browserify/sha.js) | `2.4.11` | `2.4.12` |\n| [socket.io-parser](https://github.com/socketio/socket.io) | `4.2.4` | `4.2.6` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |\n| [webpack-dev-server](https://github.com/webpack/webpack-dev-server) | `4.15.1` | `4.15.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/snap directory: [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `webpack` from 5.88.2 to 5.104.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/releases\"\u003ewebpack's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.104.1\u003c/h2\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.104.0\u003c/h2\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.103.0\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003eDotenvPlugin\u003c/code\u003e and top level \u003ccode\u003edotenv\u003c/code\u003e option to enable this plugin\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003eWebpackManifestPlugin\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003eAdded support the \u003ccode\u003eignoreList\u003c/code\u003e option in devtool plugins\u003c/li\u003e\n\u003cli\u003eAllow to use custom javascript parse function\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webpack/webpack/blob/main/CHANGELOG.md\"\u003ewebpack's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.104.1\u003c/h2\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e2efd21b: Reexports runtime calculation should not accessing \u003cstrong\u003eWEBPACK_IMPORT_KEY\u003c/strong\u003e decl with var.\u003c/li\u003e\n\u003cli\u003ec510070: Fixed a user information bypass vulnerability in the HttpUriPlugin plugin.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.104.0\u003c/h2\u003e\n\u003ch3\u003eMinor Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ed3dd841: Use method shorthand to render module content in \u003ccode\u003e__webpack_modules__\u003c/code\u003e object.\u003c/li\u003e\n\u003cli\u003ed3dd841: Enhance \u003ccode\u003eimport.meta.env\u003c/code\u003e to support object access.\u003c/li\u003e\n\u003cli\u003e4baab4e: Optimize dependency sorting in updateParent: sort each module only once by deferring to finishUpdateParent(), and reduce traversal count in sortWithSourceOrder by caching WeakMap values upfront.\u003c/li\u003e\n\u003cli\u003e04cd530: Handle more at-rules for CSS modules.\u003c/li\u003e\n\u003cli\u003ecafae23: Added options to control the renaming of at-rules and various identifiers in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added \u003ccode\u003ebase64url\u003c/code\u003e, \u003ccode\u003ebase62\u003c/code\u003e, \u003ccode\u003ebase58\u003c/code\u003e, \u003ccode\u003ebase52\u003c/code\u003e, \u003ccode\u003ebase49\u003c/code\u003e, \u003ccode\u003ebase36\u003c/code\u003e, \u003ccode\u003ebase32\u003c/code\u003e and \u003ccode\u003ebase25\u003c/code\u003e digests.\u003c/li\u003e\n\u003cli\u003e5983843: Provide a stable runtime function variable \u003ccode\u003e__webpack_global__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Improved \u003ccode\u003elocalIdentName\u003c/code\u003e hashing for CSS.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePatch Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e22c48fb: Added module existence check for informative error message in development mode.\u003c/li\u003e\n\u003cli\u003e50689e1: Use the fully qualified class name (or export name) for \u003ccode\u003e[fullhash]\u003c/code\u003e placeholder in CSS modules.\u003c/li\u003e\n\u003cli\u003ed3dd841: Support universal lazy compilation.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed module library export definitions when multiple runtimes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Fixed CSS nesting and CSS custom properties parsing.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't write fragment from URL to filename and apply fragment to module URL.\u003c/li\u003e\n\u003cli\u003eaab1da9: Fixed bugs for \u003ccode\u003ecss/global\u003c/code\u003e type.\u003c/li\u003e\n\u003cli\u003ed3dd841: Compatibility \u003ccode\u003eimport.meta.filename\u003c/code\u003e and \u003ccode\u003eimport.meta.dirname\u003c/code\u003e with \u003ccode\u003eeval\u003c/code\u003e devtools.\u003c/li\u003e\n\u003cli\u003ed3dd841: Handle nested \u003ccode\u003e__webpack_require__\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e728ddb7: The speed of identifier parsing has been improved.\u003c/li\u003e\n\u003cli\u003e0f8b31b: Improve types.\u003c/li\u003e\n\u003cli\u003ed3dd841: Don't corrupt \u003ccode\u003edebugId\u003c/code\u003e injection when \u003ccode\u003ehidden-source-map\u003c/code\u003e is used.\u003c/li\u003e\n\u003cli\u003e2179fdb: Re-validate HttpUriPlugin redirects against allowedUris, restrict to http(s) and add a conservative redirect limit to prevent SSRF and untrusted content inclusion. Redirects failing policy are rejected before caching/lockfile writes.\u003c/li\u003e\n\u003cli\u003ed3dd841: Serialize \u003ccode\u003eHookWebpackError\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003ed3dd841: Added ability to use built-in properties in dotenv and define plugin.\u003c/li\u003e\n\u003cli\u003e3c4319f: Optimizing the regular expression character class by specifying ranges for runtime code.\u003c/li\u003e\n\u003cli\u003ed3dd841: Reduce collision for local indent name in CSS.\u003c/li\u003e\n\u003cli\u003ed3dd841: Remove CSS link tags when CSS imports are removed.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/24e3c2d2c9f8c6d60810302b2ea70ed86e2863dc\"\u003e\u003ccode\u003e24e3c2d\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20253\"\u003e#20253\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2efd21b0b06baa9b1a7f009b336379dcef24c1a5\"\u003e\u003ccode\u003e2efd21b\u003c/code\u003e\u003c/a\u003e fix(re-exports): reexports runtime calculation should not accessing `__WEBPAC...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/c5100702335a9cdcb75558ccd80def2329bd4abf\"\u003e\u003ccode\u003ec510070\u003c/code\u003e\u003c/a\u003e fix(security): userinfo bypass vulnerability in HttpUriPlugin allowedUris\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/4b0501c69700963bad1285b56f9cfa74704cb963\"\u003e\u003ccode\u003e4b0501c\u003c/code\u003e\u003c/a\u003e ci: fix release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20252\"\u003e#20252\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c213cecf2906bc41102c3a4cfdd1ad3522d0171\"\u003e\u003ccode\u003e0c213ce\u003c/code\u003e\u003c/a\u003e ci: use \u003ccode\u003e\\\u0026lt;@\u0026amp;1450591255485743204\u0026gt;\u003c/code\u003e over \u003ccode\u003e@here\u003c/code\u003e for discord notificationw\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/5bf8bc51bcfb49d25b73aae450b246cd8b8b423a\"\u003e\u003ccode\u003e5bf8bc5\u003c/code\u003e\u003c/a\u003e refactor: types for benchmarks and tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/505a5e744fbcf4471ddb534bf1d4aebea9643c1b\"\u003e\u003ccode\u003e505a5e7\u003c/code\u003e\u003c/a\u003e chore(release): new release (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20188\"\u003e#20188\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/0c066808d59e4f9406e11bab4ffa2e0feacbd0e2\"\u003e\u003ccode\u003e0c06680\u003c/code\u003e\u003c/a\u003e refactor: update eslint configuration\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/2eb0d6a410513960bd7d65bf15baf15704a612eb\"\u003e\u003ccode\u003e2eb0d6a\u003c/code\u003e\u003c/a\u003e ci: release announcement (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20238\"\u003e#20238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webpack/webpack/commit/b2b24590a08755b706d2009ca97a226addf9e83b\"\u003e\u003ccode\u003eb2b2459\u003c/code\u003e\u003c/a\u003e ci: cancel in progress (\u003ca href=\"https://redirect.github.com/webpack/webpack/issues/20239\"\u003e#20239\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/webpack/webpack/compare/v5.88.2...v5.104.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 9.0.1 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d61d6ac1f782cf6b1dd8661c60f11722cd49a0d\"\u003e3d61d6a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v9.0.1...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@babel/helpers` from 7.26.9 to 7.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e@​babel/helpers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17789\"\u003e#17789\u003c/a\u003e [7.x backport] preset-env include/exclude should accept bugfix plugins (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17813\"\u003e#17813\u003c/a\u003e chore: update eslint peer deps (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.1 (2026-02-04)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17771\"\u003e#17771\u003c/a\u003e [7.x backport] fix: ensure \u003ccode\u003etargets.esmodules\u003c/code\u003e is validated (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17776\"\u003e#17776\u003c/a\u003e [7.x backport] Fix undefined when 64 indents (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/1c0a08d95ae7e1c788c7e1ae3a10ee53f7c86864\"\u003e\u003ccode\u003e1c0a08d\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17805\"\u003e#17805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23\"\u003e\u003ccode\u003ec1b55f6\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eeslint.config.mts\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573\"\u003e#17573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c\"\u003e\u003ccode\u003e18d88b8\u003c/code\u003e\u003c/a\u003e Improve \u003ccode\u003e@​babel/core\u003c/code\u003e typings (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471\"\u003e#17471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a\"\u003e\u003ccode\u003e741cbd2\u003c/code\u003e\u003c/a\u003e chore: fix various typos across codebase (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476\"\u003e#17476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6\"\u003e\u003ccode\u003ecac0ff4\u003c/code\u003e\u003c/a\u003e v7.28.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.2/packages/babel-helpers\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/helpers\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `base-x` from 3.0.9 to 3.0.11\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/043a888a9bae09bc4b40500e37792e2c6398e9f2\"\u003e\u003ccode\u003e043a888\u003c/code\u003e\u003c/a\u003e 3.0.11\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/2705dddd2565b455641985974b534291d8defb31\"\u003e\u003ccode\u003e2705ddd\u003c/code\u003e\u003c/a\u003e [backport 3.x] Prohibit char codes that would overflow the \u003ccode\u003eBASE_MAP\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/3d43c0e16bfbc045a0a8bb6423e6e336df81b512\"\u003e\u003ccode\u003e3d43c0e\u003c/code\u003e\u003c/a\u003e 3.0.10\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/cryptocoinjs/base-x/commit/0a3544695fa6800649a8b78ed46cece61bcdbbe5\"\u003e\u003ccode\u003e0a35446\u003c/code\u003e\u003c/a\u003e Improve decoding performance\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/cryptocoinjs/base-x/compare/v3.0.9...v3.0.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.0 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/39fe4389c773327ed15f29f77f8b7dbbff4beb4c\"\u003e\u003ccode\u003e39fe438\u003c/code\u003e\u003c/a\u003e 4.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/67ecb35dabaf252001b649c12d69c4b57deac6f6\"\u003e\u003ccode\u003e67ecb35\u003c/code\u003e\u003c/a\u003e backport(4.x): fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c4098bac2470418f8e0f6bf11fe0cb676a2b9047\"\u003e\u003ccode\u003ec4098ba\u003c/code\u003e\u003c/a\u003e 4.12.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6277fd705e51edae1c404c65f03ba2e512706945\"\u003e\u003ccode\u003e6277fd7\u003c/code\u003e\u003c/a\u003e backport(4.x): Fix imuln/muln with zero (backport of \u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/314\"\u003e#314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ac0d4afaae91701815b9edc19789e44e7690d688\"\u003e\u003ccode\u003eac0d4af\u003c/code\u003e\u003c/a\u003e 4.12.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/a5f14b43ec61bc7cafc6de2e7444913b9f581b00\"\u003e\u003ccode\u003ea5f14b4\u003c/code\u003e\u003c/a\u003e Fix serious issue in \u003ccode\u003e.toString(16)\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/309\"\u003e#309\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/0cd2661b9d08512263c940662586042ef8aaccc6\"\u003e\u003ccode\u003e0cd2661\u003c/code\u003e\u003c/a\u003e Remove package-lock.json added by npm\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v4.12.0...v4.12.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cipher-base` from 1.0.4 to 1.0.7\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/browserify/cipher-base/blob/master/CHANGELOG.md\"\u003ecipher-base's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.6...v1.0.7\"\u003ev1.0.7\u003c/a\u003e - 2025-09-24\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.5...v1.0.6\"\u003ev1.0.6\u003c/a\u003e - 2024-11-26\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] io.js 3.0 - Node.js 5.3 typed array support \u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/browserify/cipher-base/compare/v1.0.4...v1.0.5\"\u003ev1.0.5\u003c/a\u003e - 2024-11-17\u003c/h2\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] standard -\u0026gt; eslint, make test dir, etc \u003ca href=\"https://github.com/browserify/cipher-base/commit/ae02fd6624c41ac4ac18077be797111d1955bc76\"\u003e\u003ccode\u003eae02fd6\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/browserify/cipher-base/commit/66387d71461287ad9067bb1bcbfdc47403a33ee7\"\u003e\u003ccode\u003e66387d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix package.json indentation \u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] return valid values on multi-byte-wide TypedArray input \u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/browserify/cipher-base/commit/42528f291db16bf2e7d5f831ebe2ad87fd0b1f42\"\u003e\u003ccode\u003e42528f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003einherits\u003c/code\u003e, \u003ccode\u003esafe-buffer\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/0e7a2d9a33a391e82fa9cf512d6e25cc91ab8613\"\u003e\u003ccode\u003e0e7a2d9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add missing \u003ccode\u003eengines.node\u003c/code\u003e \u003ca href=\"https://github.com/browserify/cipher-base/commit/f2dc13e47bbcf3c873db9a9e0f83e5f29d0783fe\"\u003e\u003ccode\u003ef2dc13e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/00567180c846dd3db3848c9223991c58a0d5490c\"\u003e\u003ccode\u003e0056718\u003c/code\u003e\u003c/a\u003e v1.0.7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/fd1e5eeafccbc8eaa827ee6b9b60c14608aa784f\"\u003e\u003ccode\u003efd1e5ee\u003c/code\u003e\u003c/a\u003e [Refactor] use \u003ccode\u003eto-buffer\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/08ba8034223a53d300b7dccf33d8f14e52379a34\"\u003e\u003ccode\u003e08ba803\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f5249f94611506ef35a8be4d48a3fc5ecf1fac63\"\u003e\u003ccode\u003ef5249f9\u003c/code\u003e\u003c/a\u003e v1.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/b7ddd2ac24e65cc47befc1e0eb5026422f8ab037\"\u003e\u003ccode\u003eb7ddd2a\u003c/code\u003e\u003c/a\u003e [Fix] io.js 3.0 - Node.js 5.3 typed array support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/f03cebfdad1cba1d56614c58affa303b0fa2a43e\"\u003e\u003ccode\u003ef03cebf\u003c/code\u003e\u003c/a\u003e v1.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/88dc806806d3dc41444dbf639c87c00f82c949b3\"\u003e\u003ccode\u003e88dc806\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/7a137d749ce7ea7ea56b9c096844b1b8ab723f61\"\u003e\u003ccode\u003e7a137d7\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003enpmignore\u003c/code\u003e and \u003ccode\u003esafe-publish-latest\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/5c02918ac58c875ed36913c2dc3e1043f4d1c99c\"\u003e\u003ccode\u003e5c02918\u003c/code\u003e\u003c/a\u003e [meta] fix package.json indentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/browserify/cipher-base/commit/8fd136432ca298a664f5637629cf2b42a6c7f294\"\u003e\u003ccode\u003e8fd1364\u003c/code\u003e\u003c/a\u003e [Fix] return valid values on multi-byte-wide TypedArray input\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/crypto-browserify/cipher-base/compare/v1.0.4...v1.0.7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for cipher-base since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `diff` from 5.1.0 to 5.2.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/kpdecker/jsdiff/blob/master/release-notes.md\"\u003ediff's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.2.2 - January 2026\u003c/h2\u003e\n\u003cp\u003eOnly change from 5.2.0 is a backport of the fix to \u003ca href=\"https://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\"\u003ehttps://github.com/kpdecker/jsdiff/security/advisories/GHSA-73rr-hh4g-fpgx\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003ev5.2.1 (deprecated)\u003c/h2\u003e\n\u003cp\u003eAccidental release - do not use.\u003c/p\u003e\n\u003ch2\u003ev5.2.0\u003c/h2\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v5.1.0...v5.2.0\"\u003eCommits\u003c/a\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/411\"\u003e#411\u003c/a\u003e Big performance improvement. Previously an O(n) array-copying operation inside the innermost loop of jsdiff's base diffing code increased the overall worst-case time complexity of computing a diff from O(n²) to O(n³). This is now fixed, bringing the worst-case time complexity down to what it theoretically should be for a Myers diff implementation.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/448\"\u003e#448\u003c/a\u003e Performance improvement. Diagonals whose furthest-reaching D-path would go off the edge of the edit graph are now skipped, rather than being pointlessly considered as called for by the original Myers diff algorithm. This dramatically speeds up computing diffs where the new text just appends or truncates content at the end of the old text.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/351\"\u003e#351\u003c/a\u003e Importing from the lib folder - e.g. \u003ccode\u003erequire(\u0026quot;diff/lib/diff/word.js\u0026quot;)\u003c/code\u003e - will work again now. This had been broken for users on the latest version of Node since Node 17.5.0, which changed how Node interprets the \u003ccode\u003eexports\u003c/code\u003e property in jsdiff's \u003ccode\u003epackage.json\u003c/code\u003e file.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/344\"\u003e#344\u003c/a\u003e \u003ccode\u003ediffLines\u003c/code\u003e, \u003ccode\u003ecreateTwoFilesPatch\u003c/code\u003e, and other patch-creation methods now take an optional \u003ccode\u003estripTrailingCr: true\u003c/code\u003e option which causes Windows-style \u003ccode\u003e\\r\\n\u003c/code\u003e line endings to be replaced with Unix-style \u003ccode\u003e\\n\u003c/code\u003e line endings before calculating the diff, just like GNU \u003ccode\u003ediff\u003c/code\u003e's \u003ccode\u003e--strip-trailing-cr\u003c/code\u003e flag.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/451\"\u003e#451\u003c/a\u003e Added \u003ccode\u003ediff.formatPatch\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/450\"\u003e#450\u003c/a\u003e Added \u003ccode\u003ediff.reversePatch\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/478\"\u003e#478\u003c/a\u003e Added \u003ccode\u003etimeout\u003c/code\u003e option.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/b7b6339dea15baa636bebe7092ec1cbabf001dea\"\u003e\u003ccode\u003eb7b6339\u003c/code\u003e\u003c/a\u003e v5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/b5377abefc55cd424e82308515cfbdc4d53ad8a1\"\u003e\u003ccode\u003eb5377ab\u003c/code\u003e\u003c/a\u003e Update package version to 5.2.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/78017899c4c80d51db805b6e013079cadc6ed0ae\"\u003e\u003ccode\u003e7801789\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/649\"\u003ekpdecker/jsdiff#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/042a8372f331ffd3d81b1e4b799409c7d944e6fd\"\u003e\u003ccode\u003e042a837\u003c/code\u003e\u003c/a\u003e Backport \u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/pull/647\"\u003ekpdecker/jsdiff#647\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/370a9df73e12f3f4f4f6f001ac19617c4f9c1052\"\u003e\u003ccode\u003e370a9df\u003c/code\u003e\u003c/a\u003e 5.2.0 release (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/483\"\u003e#483\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/a2f726abb9bcb01418b157e0eec0b722aef242a1\"\u003e\u003ccode\u003ea2f726a\u003c/code\u003e\u003c/a\u003e Add myself to the list of maintainers (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/482\"\u003e#482\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/dfc6fe42b5b793f4d82bfc38f5e5a6f962e757bc\"\u003e\u003ccode\u003edfc6fe4\u003c/code\u003e\u003c/a\u003e Add examples to docs of creating and applying patches (importantly including ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/b5d1cfaa6da8bb759e6082b6164e01bba8b28810\"\u003e\u003ccode\u003eb5d1cfa\u003c/code\u003e\u003c/a\u003e Modify node_example.js to support showing added/deleted spaces (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/479\"\u003e#479\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/533893d4e7d7431395cf3fb7962c19ccefba95f0\"\u003e\u003ccode\u003e533893d\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003etimeout\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/478\"\u003e#478\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kpdecker/jsdiff/commit/1f1ec9672b3af4ec68abf6c8e52e8beddfae86a8\"\u003e\u003ccode\u003e1f1ec96\u003c/code\u003e\u003c/a\u003e Replace broken link to Myers's paper in the README with a working one (\u003ca href=\"https://redirect.github.com/kpdecker/jsdiff/issues/476\"\u003e#476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/kpdecker/jsdiff/compare/v5.1.0...v5.2.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~explodingcabbage\"\u003eexplodingcabbage\u003c/a\u003e, a new releaser for diff since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `fast-xml-parser` from 4.5.3 to 4.5.6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/releases\"\u003efast-xml-parser's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eSummary update on all the previous releases from v4.2.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMultiple minor fixes provided in the validator and parser\u003c/li\u003e\n\u003cli\u003ev6 is added for experimental use.\u003c/li\u003e\n\u003cli\u003eignoreAttributes support function, and array of string or regex\u003c/li\u003e\n\u003cli\u003eAdd support for parsing HTML numeric entities\u003c/li\u003e\n\u003cli\u003ev5 of the application is ESM module now. However, JS is also supported\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eNote\u003c/strong\u003e: Release section in not updated frequently. Please check \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md\"\u003eCHANGELOG\u003c/a\u003e or \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/tags\"\u003eTags\u003c/a\u003e for latest release information.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/42fbb0bc95e753e03fe52cb0805a8774bba4bf28\"\u003e\u003ccode\u003e42fbb0b\u003c/code\u003e\u003c/a\u003e update release info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/805671cb6c19108b171b876cf3e8865f18cdb8fd\"\u003e\u003ccode\u003e805671c\u003c/code\u003e\u003c/a\u003e increase expansion limit as many system need it\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/9a2cf097c2961d4ad878f618e39fb0a9f5a0e9e5\"\u003e\u003ccode\u003e9a2cf09\u003c/code\u003e\u003c/a\u003e update version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/88d0936a23dabe51bfbf42255e2ce912dfee2221\"\u003e\u003ccode\u003e88d0936\u003c/code\u003e\u003c/a\u003e apply all fixes from v5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/commit/d4eb6b4713a8d11e6730943392419040898ecbc0\"\u003e\u003ccode\u003ed4eb6b4\u003c/code\u003e\u003c/a\u003e update release version\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.5.3...v4.5.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.2.9 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.2.9...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.6...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.1 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enpmignore temporary build files (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emove util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emigrate from travis to GHA\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2\"\u003ev3.0.2\u003c/a\u003e - 2024-10-10\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79\"\u003e\u003ccode\u003e8fdb3bc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] clean up ignores \u003ca href=\"https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440\"\u003e\u003ccode\u003e3217b3d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: move util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e) \u003ca href=\"https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac\"\u003e\u003ccode\u003eedb555a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for form-data since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `http-proxy-middleware` from 2.0.6 to 2.0.9\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases\"\u003ehttp-proxy-middleware's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.0.9\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1097\"\u003echimurai/http-proxy-middleware#1097\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.9 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1099\"\u003echimurai/http-proxy-middleware#1099\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.8...v2.0.9\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.8\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1090\"\u003echimurai/http-proxy-middleware#1090\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1091\"\u003echimurai/http-proxy-middleware#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(package): v2.0.8 by \u003ca href=\"https://github.com/chimurai\"\u003e\u003ccode\u003e@​chimurai\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/pull/1094\"\u003echimurai/http-proxy-middleware#1094\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7...v2.0.8\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.1\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.7-beta.0...v2.0.7-beta.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.0.7-beta.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\"\u003ehttps://github.com/chimurai/http-proxy-middleware/compare/v2.0.6...v2.0.7-beta.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/chimurai/http-proxy-middleware/blob/v2.0.9/CHANGELOG.md\"\u003ehttp-proxy-middleware's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.9\"\u003ev2.0.9\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): check readableLength\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8\"\u003ev2.0.8\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix(fixRequestBody): prevent multiple .write() calls\u003c/li\u003e\n\u003cli\u003efix(fixRequestBody): handle invalid request\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.7\"\u003ev2.0.7\u003c/a\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci(github actions): add publish.yml\u003c/li\u003e\n\u003cli\u003efix(filter): handle errors\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/617a7c9da9cc90ecc00b0c8b1c2f6a385c879cb1\"\u003e\u003ccode\u003e617a7c9\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.9 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1099\"\u003e#1099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d22d58764832fea429d60109a19e1a23136d4425\"\u003e\u003ccode\u003ed22d587\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): check readableLength (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1097\"\u003e#1097\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/d03d51b54ac8d40db8438a8b216cf1ea92bb7849\"\u003e\u003ccode\u003ed03d51b\u003c/code\u003e\u003c/a\u003e chore(package): v2.0.8 (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1094\"\u003e#1094\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/c50dd06d9102fbb81dd4cbad7a295dddee5f6e1e\"\u003e\u003ccode\u003ec50dd06\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): handle invalid request (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1091\"\u003e#1091\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/76a9d8d6dc2b971f63df19d805c7ab656540525b\"\u003e\u003ccode\u003e76a9d8d\u003c/code\u003e\u003c/a\u003e fix(fixRequestBody): prevent multiple .write() calls (\u003ca href=\"https://redirect.github.com/chimurai/http-proxy-middleware/issues/1090\"\u003e#1090\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/1e9233909839962bb3c1980848ad499b4757a71d\"\u003e\u003ccode\u003e1e92339\u003c/code\u003e\u003c/a\u003e ci(github-actions): fix npm tag\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/chimurai/http-proxy-middleware/commit/90afb7c9a658b32cc8fe0...\n\n_Description has been truncated_","html_url":"https://github.com/MetaMask/snap-simple-keyring/pull/174","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/MetaMask%2Fsnap-simple-keyring/issues/174","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/174/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-02T07:59:24.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4368385829","node_id":"PR_kwDORrxkis7XnbD7","number":1,"state":"open","title":"Bump the npm_and_yarn group across 6 directories with 29 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T07:59:24.000Z","updated_at":"2026-05-02T08:00:50.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":29,"packages":[{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.9","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.3","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.7.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.99.5","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 17 updates in the /weather-ai directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.9` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.3` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.7.1` | `2.8.3` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.99.5` | `5.106.2` |\n\nBumps the npm_and_yarn group with 3 updates in the /webmcp-evals directory: [brace-expansion](https://github.com/juliangruber/brace-expansion), [minimatch](https://github.com/isaacs/minimatch) and [protobufjs](https://github.com/protobufjs/protobuf.js).\nBumps the npm_and_yarn group with 5 updates in the /toxic-review-warning directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `4.1.0` | `4.1.1` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [svgo](https://github.com/svg/svgo) | `2.8.0` | `2.8.2` |\n| [@parcel/reporter-dev-server](https://github.com/parcel-bundler/parcel) | `2.12.0` | `2.16.4` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.1` | `2.1.4` |\n| [tar-fs](https://github.com/mafintosh/tar-fs) | `3.0.6` | `3.1.2` |\n\nBumps the npm_and_yarn group with 4 updates in the /summary-of-summaries directory: [postcss](https://github.com/postcss/postcss), [rollup](https://github.com/rollup/rollup), [uuid](https://github.com/uuidjs/uuid) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 3 updates in the /summarization-api-playground directory: [postcss](https://github.com/postcss/postcss), [rollup](https://github.com/rollup/rollup) and [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).\nBumps the npm_and_yarn group with 6 updates in the /prompt-api-polyfill directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [postcss](https://github.com/postcss/postcss) | `8.5.6` | `8.5.13` |\n| [protobufjs](https://github.com/protobufjs/protobuf.js) | `7.5.4` | `7.5.6` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `7.3.1` | `7.3.2` |\n\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.9 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.9...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.3 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `on-headers` from 1.0.2 to 1.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/on-headers/releases\"\u003eon-headers's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.1.0\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-7339\"\u003eCVE-2025-7339\u003c/a\u003e (\u003ca href=\"https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q\"\u003eGHSA-76c9-3jph-rj3q\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eMigrate CI pipeline to GitHub actions by \u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/12\"\u003ejshttp/on-headers#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix README.md badges by \u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/13\"\u003ejshttp/on-headers#13\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eadd OSSF scorecard action by \u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/14\"\u003ejshttp/on-headers#14\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: use \u003ccode\u003eubuntu-latest\u003c/code\u003e as ci runner by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/19\"\u003ejshttp/on-headers#19\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: apply OSSF Scorecard security best practices by \u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/20\"\u003ejshttp/on-headers#20\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e👷 add upstream change detection by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/31\"\u003ejshttp/on-headers#31\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e✨ add script to update known hashes by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/32\"\u003ejshttp/on-headers#32\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e💚 update CI - add newer node versions by \u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/33\"\u003ejshttp/on-headers#33\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/carpasse\"\u003e\u003ccode\u003e@​carpasse\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/12\"\u003ejshttp/on-headers#12\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/UlisesGascon\"\u003e\u003ccode\u003e@​UlisesGascon\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/19\"\u003ejshttp/on-headers#19\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ctcpip\"\u003e\u003ccode\u003e@​ctcpip\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/jshttp/on-headers/pull/31\"\u003ejshttp/on-headers#31\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0\"\u003ehttps://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/jshttp/on-headers/blob/master/HISTORY.md\"\u003eon-headers's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e1.1.0 / 2025-07-17\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2025-7339\"\u003eCVE-2025-7339\u003c/a\u003e (\u003ca href=\"https://github.com/jshttp/on-headers/security/advisories/GHSA-76c9-3jph-rj3q\"\u003eGHSA-76c9-3jph-rj3q\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/4b017af88f5375bbdf3ad2ee732d2c122e4f52b0\"\u003e\u003ccode\u003e4b017af\u003c/code\u003e\u003c/a\u003e 1.1.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/b636f2d08e6c1e0a784b53a13cd61e05c09bb118\"\u003e\u003ccode\u003eb636f2d\u003c/code\u003e\u003c/a\u003e ♻️ refactor header array code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/3e2c2d46c3e9592f6a1c3a3a1dbe622401f95d39\"\u003e\u003ccode\u003e3e2c2d4\u003c/code\u003e\u003c/a\u003e ✨ ignore falsy header keys, matching node behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/172eb41b99a5a290b27a2c43fe602ca33aa1c8ce\"\u003e\u003ccode\u003e172eb41\u003c/code\u003e\u003c/a\u003e ✨ support duplicate headers\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/c6e384908c9c6127d18831d16ab0bd96e1231867\"\u003e\u003ccode\u003ec6e3849\u003c/code\u003e\u003c/a\u003e 🔒️ fix array handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/6893518341bb4e5363285df086b3158302d3b216\"\u003e\u003ccode\u003e6893518\u003c/code\u003e\u003c/a\u003e 💚 update CI - add newer node versions\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/56a345d82b51a0dcb8d09f061f87b1fd1dc4c01e\"\u003e\u003ccode\u003e56a345d\u003c/code\u003e\u003c/a\u003e ✨ add script to update known hashes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/175ab217155d525371a5416ff059f895a3a532a6\"\u003e\u003ccode\u003e175ab21\u003c/code\u003e\u003c/a\u003e 👷 add upstream change detection (\u003ca href=\"https://redirect.github.com/jshttp/on-headers/issues/31\"\u003e#31\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/ce0b2c8fcd313d38d3534fb731050dc16e105bf6\"\u003e\u003ccode\u003ece0b2c8\u003c/code\u003e\u003c/a\u003e ci: apply OSSF Scorecard security best practices (\u003ca href=\"https://redirect.github.com/jshttp/on-headers/issues/20\"\u003e#20\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jshttp/on-headers/commit/1a38c543e75cd06217b449531de10b1758e35299\"\u003e\u003ccode\u003e1a38c54\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003eubuntu-latest\u003c/code\u003e as ci runner (\u003ca href=\"https://redirect.github.com/jshttp/on-headers/issues/19\"\u003e#19\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/jshttp/on-headers/compare/v1.0.2...v1.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for on-headers since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 1.10.2 to 1.10.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `yaml` from 2.7.1 to 2.8.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/cfe8f0437054ff5fbfe6499894f55b3316a54959\"\u003e\u003ccode\u003ecfe8f04\u003c/code\u003e\u003c/a\u003e 1.10.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/7abcf45dd63f0bc626890ad9a8cdeb397f92be73\"\u003e\u003ccode\u003e7abcf45\u003c/code\u003e\u003c/a\u003e fix: Catch stack overflow during CST composition\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a0252f8b056f49875d1b79edb8709cff7d7d0dc6\"\u003e\u003ccode\u003ea0252f8\u003c/code\u003e\u003c/a\u003e chore: Add rules avoiding processing of tests/json-test-suite\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/a5e83b05f7124c31b4784b613f0c669959a5ed48\"\u003e\u003ccode\u003ea5e83b0\u003c/code\u003e\u003c/a\u003e style: Apply updates Prettier rules\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/b8ddca0a5d4794a3c60f252d3513e6ff7068fdf0\"\u003e\u003ccode\u003eb8ddca0\u003c/code\u003e\u003c/a\u003e chore: Refresh lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/395f892ec9a26b9038c8db388b675c3281ab8cd3\"\u003e\u003ccode\u003e395f892\u003c/code\u003e\u003c/a\u003e ci: Use a different (working) submodule checkout\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/eemeli/yaml/commit/6fd272052751775e48196024d4bed639cc1e0350\"\u003e\u003ccode\u003e6fd2720\u003c/code\u003e\u003c/a\u003e test-events: Add {} and [] indicators to flow maps \u0026amp; sequences\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/eemeli/yaml/compare/v1.10.2...v1.10.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: ...\n\n_Description has been truncated_","html_url":"https://github.com/danielbodnar/web-ai-demos/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/danielbodnar%2Fweb-ai-demos/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.2.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-02T07:26:55.000Z","version_change":"1.2.1 → 1.3.0","issue":{"uuid":"4368309205","node_id":"PR_kwDORPlW787XnL58","number":1,"state":"open","title":"Bump the npm_and_yarn group across 1 directory with 8 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T07:26:55.000Z","updated_at":"2026-05-02T07:28:53.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":8,"packages":[{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.2.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.23","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.3","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"picomatch","old_version":"4.0.3","new_version":"4.0.4","repository_url":"https://github.com/micromatch/picomatch"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.2.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.23` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.3` | `1.4.0` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [picomatch](https://github.com/micromatch/picomatch) | `4.0.3` | `4.0.4` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.2.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.23 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.3 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.3...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 4.0.3 to 4.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `rollup` from 2.79.2 to 2.80.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/rollup/rollup/blob/v2.80.0/CHANGELOG.md\"\u003erollup's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.80.0\u003c/h2\u003e\n\u003cp\u003e\u003cem\u003e2026-02-22\u003c/em\u003e\u003c/p\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThrow when the generated bundle contains paths that would leave the output directory (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003ePull Requests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/rollup/rollup/pull/6277\"\u003e#6277\u003c/a\u003e: Validate bundle stays within output dir (\u003ca href=\"https://github.com/lukastaegert\"\u003e\u003ccode\u003e@​lukastaegert\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d17ae15336a45c3c59b2a4aacac2b14186035d28\"\u003e\u003ccode\u003ed17ae15\u003c/code\u003e\u003c/a\u003e 2.80.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\"\u003e\u003ccode\u003ed6dee5e\u003c/code\u003e\u003c/a\u003e Validate bundle stays within output dir (\u003ca href=\"https://redirect.github.com/rollup/rollup/issues/6277\"\u003e#6277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/rollup/rollup/compare/v2.79.2...v2.80.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/codewithaustin1/sharp-portfolio/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/codewithaustin1/sharp-portfolio/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/codewithaustin1%2Fsharp-portfolio/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-05-02T04:30:09.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4367910097","node_id":"PR_kwDOOjqxP87Xl-ih","number":10,"state":"open","title":"Bump the npm_and_yarn group across 8 directories with 10 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":3,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-02T04:30:09.000Z","updated_at":"2026-05-02T04:31:22.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":10,"packages":[{"name":"next","old_version":"12.2.0","new_version":"16.2.4","repository_url":"https://github.com/vercel/next.js"},{"name":"uuid","old_version":"8.3.2","new_version":"14.0.0","repository_url":"https://github.com/uuidjs/uuid"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"next-auth","old_version":"4.10.3","new_version":"4.24.12","repository_url":"https://github.com/nextauthjs/next-auth"},{"name":"@stablelib/ed25519","old_version":"1.0.2","new_version":"2.1.0","repository_url":"https://github.com/StableLib/stablelib"},{"name":"ajv","old_version":"8.11.0","new_version":"8.18.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"bn.js","old_version":"5.2.1","new_version":"5.2.3","repository_url":"https://github.com/indutny/bn.js"},{"name":"bn.js","old_version":"4.12.0","new_version":"4.12.3","repository_url":"https://github.com/indutny/bn.js"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 8 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [next](https://github.com/vercel/next.js) | `12.2.0` | `16.2.4` |\n| [uuid](https://github.com/uuidjs/uuid) | `8.3.2` | `14.0.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [next-auth](https://github.com/nextauthjs/next-auth) | `4.10.3` | `4.24.12` |\n| [@stablelib/ed25519](https://github.com/StableLib/stablelib) | `1.0.2` | `2.1.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.11.0` | `8.18.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [bn.js](https://github.com/indutny/bn.js) | `5.2.1` | `5.2.3` |\n| [bn.js](https://github.com/indutny/bn.js) | `4.12.0` | `4.12.3` |\n\nBumps the npm_and_yarn group with 1 update in the /packages/demo-issuer directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 1 update in the /packages/demo-revocation directory: [next](https://github.com/vercel/next.js).\nBumps the npm_and_yarn group with 2 updates in the /packages/demo-verifier directory: [next](https://github.com/vercel/next.js) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/e2e-demo directory: [next](https://github.com/vercel/next.js) and [uuid](https://github.com/uuidjs/uuid).\nBumps the npm_and_yarn group with 2 updates in the /packages/solana directory: [bn.js](https://github.com/indutny/bn.js) and [picomatch](https://github.com/micromatch/picomatch).\nBumps the npm_and_yarn group with 2 updates in the /packages/verite directory: [uuid](https://github.com/uuidjs/uuid) and [@stablelib/ed25519](https://github.com/StableLib/stablelib).\nBumps the npm_and_yarn group with 1 update in the /packages/wallet directory: [uuid](https://github.com/uuidjs/uuid).\n\nUpdates `next` from 12.2.0 to 16.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.4\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: fix filesystem watcher config not applying follow_symlinks(false) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92631\"\u003e#92631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eScope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92725\"\u003e#92725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92828\"\u003e#92828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Badbird5907\"\u003e\u003ccode\u003e@​Badbird5907\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukesandberg\"\u003e\u003ccode\u003e@​lukesandberg\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/andrewimm\"\u003e\u003ccode\u003e@​andrewimm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/mischnic\"\u003e\u003ccode\u003e@​mischnic\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.3\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see \u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e. The release does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure app-page reports stale ISR revalidation errors via onRequestError (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92282\"\u003e#92282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91981\"\u003e#91981\u003c/a\u003e through \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92273\"\u003e#92273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeduplicate output assets and detect content conflicts on emit (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92292\"\u003e#92292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix styled-jsx race condition: styles lost due to concurrent rendering (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92459\"\u003e#92459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks-backend: stability fixes for task cancellation and error handling (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92254\"\u003e#92254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/icyJoseph\"\u003e\u003ccode\u003e@​icyJoseph\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wbinnssmith\"\u003e\u003ccode\u003e@​wbinnssmith\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/eps1lon\"\u003e\u003ccode\u003e@​eps1lon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport: Move expanded adapters docs to API reference (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92115\"\u003e#92115\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92129\"\u003e#92129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBackport: TypeScript v6 deprecations for baseUrl and moduleResolution (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92130\"\u003e#92130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[create-next-app] Skip interactive prompts when CLI flags are provided (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91840\"\u003e#91840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003enext.config.js: Accept an option for serverFastRefresh (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91968\"\u003e#91968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: enable server HMR for app route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91466\"\u003e#91466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: exclude metadata routes from server HMR (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92034\"\u003e#92034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eBackport: disable bmi2 in qfilter \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92177\"\u003e#92177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] Fix CSS HMR on Safari (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92174\"\u003e#92174\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2275bd8598c88e8652d1271e74bcf972f72f4f38\"\u003e\u003ccode\u003e2275bd8\u003c/code\u003e\u003c/a\u003e v16.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/e07398321a37115626b0271697e51418db109cad\"\u003e\u003ccode\u003ee073983\u003c/code\u003e\u003c/a\u003e Adding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8a540b58b683bb79667d6e908d45df0e9e9c9f9c\"\u003e\u003ccode\u003e8a540b5\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2f5343fafb2052c59cf62018252b75da3e7d424a\"\u003e\u003ccode\u003e2f5343f\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2ad9d3fb58801adb7df87873fc299a4e9a5ab199\"\u003e\u003ccode\u003e2ad9d3f\u003c/code\u003e\u003c/a\u003e turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/6f3808e2043d168d4fb6fa3f9184e755076a16b0\"\u003e\u003ccode\u003e6f3808e\u003c/code\u003e\u003c/a\u003e Compiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fbc7684ecbd360da8af602e50780637fc79354d5\"\u003e\u003ccode\u003efbc7684\u003c/code\u003e\u003c/a\u003e Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/805d758d935beb0abbc70639c6af0fc9d839273b\"\u003e\u003ccode\u003e805d758\u003c/code\u003e\u003c/a\u003e Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/1056fae3565d88719ef41f5b05447ace75e26d7e\"\u003e\u003ccode\u003e1056fae\u003c/code\u003e\u003c/a\u003e chore: Bump reqwest to 0.13.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d5f649b2f4affdad1009cb178c1e3b37f4f1ad3f\"\u003e\u003ccode\u003ed5f649b\u003c/code\u003e\u003c/a\u003e v16.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v12.2.0...v16.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `uuid` from 8.3.2 to 14.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/releases\"\u003euuid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev14.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003edc4ddb8\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eexpect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003ef2c235f\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUse GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003effa3138\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v13.0.1\"\u003e13.0.1\u003c/a\u003e (2026-04-27)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/9d27ddf7046ce496ef39569ff84d948eeff9cb2a\"\u003e9d27ddf\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev13.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.1\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v12.0.1\"\u003e12.0.1\u003c/a\u003e (2026-04-29)\u003c/h2\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport fix for GHSA-w5hq-g745-h8pq (\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d61d6ac1f782cf6b1dd8661c60f11722cd49a0d\"\u003e3d61d6a\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev12.0.0\u003c/h2\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md\"\u003euuid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v13.0.0...v14.0.0\"\u003e14.0.0\u003c/a\u003e (2026-04-19)\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixes \u003ca href=\"https://github.com/uuidjs/uuid/security/advisories/GHSA-w5hq-g745-h8pq\"\u003eGHSA-w5hq-g745-h8pq\u003c/a\u003e: \u003ccode\u003ev3()\u003c/code\u003e, \u003ccode\u003ev5()\u003c/code\u003e, and \u003ccode\u003ev6()\u003c/code\u003e did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid \u003ccode\u003eoffset\u003c/code\u003e was provided. A \u003ccode\u003eRangeError\u003c/code\u003e is now thrown if \u003ccode\u003eoffset \u0026lt; 0\u003c/code\u003e or \u003ccode\u003eoffset + 16 \u0026gt; buf.length\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ecrypto\u003c/code\u003e is now expected to be globally defined (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v12.0.0...v13.0.0\"\u003e13.0.0\u003c/a\u003e (2025-09-08)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emake browser exports the default (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/901\"\u003e#901\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/bce9d72a3ae5b9a3dcd8eb21ef6d1820288a427a\"\u003ebce9d72\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.1.0...v12.0.0\"\u003e12.0.0\u003c/a\u003e (2025-09-05)\u003c/h2\u003e\n\u003ch3\u003e⚠ BREAKING CHANGES\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd node@24 to ci matrix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/879\"\u003e#879\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/42b6178aa21a593257f0a72abacd220f0b7b8a92\"\u003e42b6178\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003edrop node@16 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/883\"\u003e#883\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f38cf10366ab074f9328ae2021eea04d5f2e530\"\u003e0f38cf1\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eremove CommonJS support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/886\"\u003e#886\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/ae786e27265f50bcf7cead196c29f1869297c42f\"\u003eae786e2\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eupdate to typescript@5.2 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/887\"\u003e#887\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/c7ee40598ed78584d81ab78dffded9fe5ff20b01\"\u003ec7ee405\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eimprove v4() performance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/894\"\u003e#894\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/5fd974c12718c8848035650b69b8948f12ace197\"\u003e5fd974c\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003erestore node: prefix (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/889\"\u003e#889\u003c/a\u003e) (\u003ca href=\"https://github.com/uuidjs/uuid/commit/e1f42a354593093ba0479f0b4047dae82d28c507\"\u003ee1f42a3\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/uuidjs/uuid/compare/v11.0.5...v11.1.0\"\u003e11.1.0\u003c/a\u003e (2025-02-19)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/7c1ea087a8149b57380fc8bb7f68c3a215cb6e4b\"\u003e\u003ccode\u003e7c1ea08\u003c/code\u003e\u003c/a\u003e chore(main): release 14.0.0 (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/926\"\u003e#926\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/3d2c5b0342f0fcb52a5ac681c3d47c13e7444b34\"\u003e\u003ccode\u003e3d2c5b0\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/f2c235f93059325fa43e1106e624b5291bb523c4\"\u003e\u003ccode\u003ef2c235f\u003c/code\u003e\u003c/a\u003e fix!: expect \u003ccode\u003ecrypto\u003c/code\u003e to be global everywhere (requires node@20+) (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/935\"\u003e#935\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/529ef0899f5dd503d2ee90d690585d63d78bc212\"\u003e\u003ccode\u003e529ef08\u003c/code\u003e\u003c/a\u003e chore: upgrade TypeScript and fixup types (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/927\"\u003e#927\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/086fd7976f11433edf9ac80be876b3ad243fe087\"\u003e\u003ccode\u003e086fd79\u003c/code\u003e\u003c/a\u003e chore: update dependencies (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/933\"\u003e#933\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/dc4ddb87272ed2843faccd130bcc41d492688bd3\"\u003e\u003ccode\u003edc4ddb8\u003c/code\u003e\u003c/a\u003e feat!: drop node@18 support (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/934\"\u003e#934\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0f1f9c9c9cedbae5a1d363d5406c5dfbabe81404\"\u003e\u003ccode\u003e0f1f9c9\u003c/code\u003e\u003c/a\u003e chore: switch to Biome for parsing and linting (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/932\"\u003e#932\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/e2879e64bf125add903c1eff6e0860542c605013\"\u003e\u003ccode\u003ee2879e6\u003c/code\u003e\u003c/a\u003e chore: use maintained version of npm-run-all (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/930\"\u003e#930\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/ffa31383e8e4e1f0b4e22e504561272041b8738c\"\u003e\u003ccode\u003effa3138\u003c/code\u003e\u003c/a\u003e fix: Use GITHUB_TOKEN for release-please and enable npm provenance (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/925\"\u003e#925\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/uuidjs/uuid/commit/0423d49df2dc8efc300c804731d25f4d7e0fccc4\"\u003e\u003ccode\u003e0423d49\u003c/code\u003e\u003c/a\u003e docs: remove obsolete v1 option notes (\u003ca href=\"https://redirect.github.com/uuidjs/uuid/issues/915\"\u003e#915\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/uuidjs/uuid/compare/v8.3.2...v14.0.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for uuid since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version adds \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next-auth` from 4.10.3 to 4.24.12\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/1f48cf7cbbc43517174cb47b4eb5dd402025c8b7\"\u003e\u003ccode\u003e1f48cf7\u003c/code\u003e\u003c/a\u003e chore(release): bump version [skip ci]\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/4758a2f1ff185c9759df0c558b03fe931920d0a5\"\u003e\u003ccode\u003e4758a2f\u003c/code\u003e\u003c/a\u003e ci: add \u003ccode\u003eworkflow_dispatch\u003c/code\u003e for release.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/d3aecfe1f150434e1cfff21c291277137266827a\"\u003e\u003ccode\u003ed3aecfe\u003c/code\u003e\u003c/a\u003e feat: add next 16 support (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/13303\"\u003e#13303\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/82efcf81f218aae43683f8dd2f7c260ef69b3ece\"\u003e\u003ccode\u003e82efcf8\u003c/code\u003e\u003c/a\u003e fix: security issue from \u003ccode\u003enodemailer\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/13304\"\u003e#13304\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/798c3d59274cddc5ad22d4a68c211736f0deb191\"\u003e\u003ccode\u003e798c3d5\u003c/code\u003e\u003c/a\u003e docs: update banner\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/02d3480f8d8405af52eaa0cdc2f8f75bb7e8b4e8\"\u003e\u003ccode\u003e02d3480\u003c/code\u003e\u003c/a\u003e chore: remove clerk ads\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/7f88fa0ba97e7aab43c931dfe674e51748723da3\"\u003e\u003ccode\u003e7f88fa0\u003c/code\u003e\u003c/a\u003e chore: remove sponsors\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/46e01af41fc028f22322f225f4f03c0dce069035\"\u003e\u003ccode\u003e46e01af\u003c/code\u003e\u003c/a\u003e chore(docs): update credentials.md app router route.js filename (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/13025\"\u003e#13025\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/11939f2f70495c0408d0187dbfa0741fdd5916e6\"\u003e\u003ccode\u003e11939f2\u003c/code\u003e\u003c/a\u003e feat(core): add default cache control headers for GET endpoints (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/12627\"\u003e#12627\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nextauthjs/next-auth/commit/918a6ac37beb766402940db64584df407668bbea\"\u003e\u003ccode\u003e918a6ac\u003c/code\u003e\u003c/a\u003e docs: Update FAQ with \u003ccode\u003eallowDangerousEmailAccountLinking\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/nextauthjs/next-auth/issues/12586\"\u003e#12586\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/nextauthjs/next-auth/compare/next-auth@v4.10.3...next-auth@4.24.12\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~himself_65\"\u003ehimself_65\u003c/a\u003e, a new releaser for next-auth since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `@stablelib/ed25519` from 1.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/66167351414c7d80aed1403906f3d648a4592375\"\u003e\u003ccode\u003e6616735\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/43db6a1fbc29484b98cf54a47f0583481875dbaf\"\u003e\u003ccode\u003e43db6a1\u003c/code\u003e\u003c/a\u003e Reject non-canonical public keys\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/fa3894ebbc157414f6f1636838875b770ff2f64e\"\u003e\u003ccode\u003efa3894e\u003c/code\u003e\u003c/a\u003e Reject non-canonical signatures to prevent malleability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/72336cc655704421d2433eaa2b22eb2a6b626196\"\u003e\u003ccode\u003e72336cc\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/7c27bd4988353b490fd29f51918e68257d7fec13\"\u003e\u003ccode\u003e7c27bd4\u003c/code\u003e\u003c/a\u003e utf8: throw when encoding lone surrogates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/99bee56f6af6211d037c35e3eef749f3c1e84502\"\u003e\u003ccode\u003e99bee56\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/6d8cbcd2558ce784e535a333106b46dd3c2e736a\"\u003e\u003ccode\u003e6d8cbcd\u003c/code\u003e\u003c/a\u003e Add file extensions to relative imports.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/771ba76c98586d626d4d0417dfe7b4ea6139e750\"\u003e\u003ccode\u003e771ba76\u003c/code\u003e\u003c/a\u003e Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/7f831e4474def2c2b8bfc9b91d386ab175871153\"\u003e\u003ccode\u003e7f831e4\u003c/code\u003e\u003c/a\u003e Ensure the secret key length is 64 bytes when signing.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/StableLib/stablelib/commit/ecfe9109b3c05419fd3ffc16da6c8255b08ad64f\"\u003e\u003ccode\u003eecfe910\u003c/code\u003e\u003c/a\u003e Add --no-ci to lerna bootstrap\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/StableLib/stablelib/compare/@stablelib/ed25519@1.0.2...@stablelib/ed25519@2.1.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.11.0 to 8.18.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ajv-validator/ajv/releases\"\u003eajv's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: allow tree-shaking by adding \u003ccode\u003e\u0026quot;sideEffects\u0026quot;: false\u003c/code\u003e to \u003ccode\u003epackage.json\u003c/code\u003e by \u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2487\"\u003eajv-validator/ajv#2487\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: small grammatical error in managing-schemas.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: typos in schema-language.md by \u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2507\"\u003eajv-validator/ajv#2507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix(pattern): use configured RegExp engine with $data keyword to mitigate ReDoS attacks (CVE-2025-69873) by \u003ca href=\"https://github.com/epoberezkin\"\u003e\u003ccode\u003e@​epoberezkin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2586\"\u003eajv-validator/ajv#2586\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/josdejong\"\u003e\u003ccode\u003e@​josdejong\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2480\"\u003eajv-validator/ajv#2480\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/monteiro-renato\"\u003e\u003ccode\u003e@​monteiro-renato\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2508\"\u003eajv-validator/ajv#2508\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.1...v8.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebump version to 8.17.1 by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2472\"\u003eajv-validator/ajv#2472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\"\u003ehttps://github.com/ajv-validator/ajv/compare/v8.17.0...v8.17.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ePlus everything in 8.17.0 which failed to release\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cp\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2444\"\u003eajv-validator/ajv#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\nfix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\ndocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\ndocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\nFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\ndocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\nfeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\nfix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\nfixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003eajv-validator/ajv#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.17.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThe only functional change is to switch from uri-js (which is no longer supported), to fast-uri. This is the second attempt and the team on fast-uri have been really helpful addressing the issues we found last time.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eRevert \u0026quot;Revert fast-uri change (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2444\"\u003e#2444\u003c/a\u003e)\u0026quot; by \u003ca href=\"https://github.com/gurgunday\"\u003e\u003ccode\u003e@​gurgunday\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2448\"\u003eajv-validator/ajv#2448\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: ignore new eslint error for \u003ccode\u003e@​typescript-eslint/no-extraneous-class\u003c/code\u003e by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2455\"\u003eajv-validator/ajv#2455\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: clarify behaviour of addVocabulary by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2454\"\u003eajv-validator/ajv#2454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: refactor to improve legibility by \u003ca href=\"https://github.com/blottn\"\u003e\u003ccode\u003e@​blottn\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2432\"\u003eajv-validator/ajv#2432\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix grammatical typo in managing-schemas.md by \u003ca href=\"https://github.com/wetneb\"\u003e\u003ccode\u003e@​wetneb\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2305\"\u003eajv-validator/ajv#2305\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Fix broken strict-mode link by \u003ca href=\"https://github.com/alexanderjsx\"\u003e\u003ccode\u003e@​alexanderjsx\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2459\"\u003eajv-validator/ajv#2459\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add test for encoded refs and bump fast-uri by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2449\"\u003eajv-validator/ajv#2449\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2467\"\u003eajv-validator/ajv#2467\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003e#2217\u003c/a\u003e - clarify custom keyword naming by \u003ca href=\"https://github.com/jasoniangreen\"\u003e\u003ccode\u003e@​jasoniangreen\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/pull/2457\"\u003eajv-validator/ajv#2457\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/142ce84b807c4fe66e619c22480a28d0e4bd50fa\"\u003e\u003ccode\u003e142ce84\u003c/code\u003e\u003c/a\u003e 8.18.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/720a23fa453ffae8340e92c9b0fe886c54cfe0d5\"\u003e\u003ccode\u003e720a23f\u003c/code\u003e\u003c/a\u003e fix(pattern): use configured RegExp engine with $data keyword to mitigate ReD...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/82735a15826a30cc51e97a1bbfb59b3d388e4b98\"\u003e\u003ccode\u003e82735a1\u003c/code\u003e\u003c/a\u003e fix: typos in schema-language.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2507\"\u003e#2507\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b17ec32cd97542e90ae27231d8a8bce88b9e53b6\"\u003e\u003ccode\u003eb17ec32\u003c/code\u003e\u003c/a\u003e fix: small grammatical error in managing-schemas.md (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2508\"\u003e#2508\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/69568d08564303e2c32a2de61feb833b41075f96\"\u003e\u003ccode\u003e69568d0\u003c/code\u003e\u003c/a\u003e fix: \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2482\"\u003e#2482\u003c/a\u003e Infinity and NaN serialise to null (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2487\"\u003e#2487\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f06766f33ed7291f84c19f22a1286a34475fbdaf\"\u003e\u003ccode\u003ef06766f\u003c/code\u003e\u003c/a\u003e feat: allow tree-shaking by adding ``\u0026quot;sideEffects\u0026quot;: false\u003ccode\u003eto\u003c/code\u003epackage.json` ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/9050ba1359fb87cd7c143f3c79513ea7624ea443\"\u003e\u003ccode\u003e9050ba1\u003c/code\u003e\u003c/a\u003e bump version to 8.17.1 (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2472\"\u003e#2472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/f7831b41c3a27064c6219f51a1e7371ffb582dfe\"\u003e\u003ccode\u003ef7831b4\u003c/code\u003e\u003c/a\u003e fixes \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2217\"\u003e#2217\u003c/a\u003e - clarify custom keyword naming (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2457\"\u003e#2457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/a523784388a79ce65e42caf4d2731da36a94b386\"\u003e\u003ccode\u003ea523784\u003c/code\u003e\u003c/a\u003e fix: changes for \u003ccode\u003e@​typescript-eslint/array-type\u003c/code\u003e rule (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2467\"\u003e#2467\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/595fe58e64e8d5fb8a50fd7a58f9e7f3bcca0bac\"\u003e\u003ccode\u003e595fe58\u003c/code\u003e\u003c/a\u003e feat: add test for encoded refs and bump fast-uri (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2449\"\u003e#2449\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v8.11.0...v8.18.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 5.2.1 to 5.2.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v5.2.1...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `bn.js` from 4.12.0 to 4.12.3\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/indutny/bn.js/blob/master/CHANGELOG.md\"\u003ebn.js's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.2.3 / 2026-02-19\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e5.2.2 / 2025-04-25\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/ea6c072a951493ca99e5cd5f8da3851b90116271\"\u003e\u003ccode\u003eea6c072\u003c/code\u003e\u003c/a\u003e 5.2.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/33df26b5771e824f303a79ec6407409376baa64b\"\u003e\u003ccode\u003e33df26b\u003c/code\u003e\u003c/a\u003e fix imaskn state (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/317\"\u003e#317\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/6db7c3818569423b94ebcf2bdff90fcfb9c47f6d\"\u003e\u003ccode\u003e6db7c38\u003c/code\u003e\u003c/a\u003e 5.2.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/c7e1a532566c83fd0297ff7669c227b824928bf4\"\u003e\u003ccode\u003ec7e1a53\u003c/code\u003e\u003c/a\u003e Fix imuln/muln with zero (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/313\"\u003e#313\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/4cc0bfa5195d54876a6b807827e582522c813019\"\u003e\u003ccode\u003e4cc0bfa\u003c/code\u003e\u003c/a\u003e docs: mention the max plain JS number argument value (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/307\"\u003e#307\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/indutny/bn.js/commit/5df40f81ea8afb835b909bb7c21e0833cdeb6a30\"\u003e\u003ccode\u003e5df40f8\u003c/code\u003e\u003c/a\u003e Document \u003ccode\u003elength\u003c/code\u003e unit in \u003ccode\u003etoBuffer(...)\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/indutny/bn.js/issues/299\"\u003e#299\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/indutny/bn.js/compare/v5.2.1...v5.2.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 12.3.7 to 16.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.4\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: fix filesystem watcher config not applying follow_symlinks(false) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92631\"\u003e#92631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eScope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92725\"\u003e#92725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92828\"\u003e#92828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Badbird5907\"\u003e\u003ccode\u003e@​Badbird5907\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukesandberg\"\u003e\u003ccode\u003e@​lukesandberg\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/andrewimm\"\u003e\u003ccode\u003e@​andrewimm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/mischnic\"\u003e\u003ccode\u003e@​mischnic\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.3\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see \u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e. The release does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure app-page reports stale ISR revalidation errors via onRequestError (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92282\"\u003e#92282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91981\"\u003e#91981\u003c/a\u003e through \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92273\"\u003e#92273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeduplicate output assets and detect content conflicts on emit (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92292\"\u003e#92292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix styled-jsx race condition: styles lost due to concurrent rendering (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92459\"\u003e#92459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks-backend: stability fixes for task cancellation and error handling (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92254\"\u003e#92254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/icyJoseph\"\u003e\u003ccode\u003e@​icyJoseph\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wbinnssmith\"\u003e\u003ccode\u003e@​wbinnssmith\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/eps1lon\"\u003e\u003ccode\u003e@​eps1lon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport: Move expanded adapters docs to API reference (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92115\"\u003e#92115\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92129\"\u003e#92129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBackport: TypeScript v6 deprecations for baseUrl and moduleResolution (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92130\"\u003e#92130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[create-next-app] Skip interactive prompts when CLI flags are provided (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91840\"\u003e#91840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003enext.config.js: Accept an option for serverFastRefresh (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91968\"\u003e#91968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: enable server HMR for app route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91466\"\u003e#91466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: exclude metadata routes from server HMR (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92034\"\u003e#92034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eBackport: disable bmi2 in qfilter \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92177\"\u003e#92177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] Fix CSS HMR on Safari (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92174\"\u003e#92174\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2275bd8598c88e8652d1271e74bcf972f72f4f38\"\u003e\u003ccode\u003e2275bd8\u003c/code\u003e\u003c/a\u003e v16.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/e07398321a37115626b0271697e51418db109cad\"\u003e\u003ccode\u003ee073983\u003c/code\u003e\u003c/a\u003e Adding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8a540b58b683bb79667d6e908d45df0e9e9c9f9c\"\u003e\u003ccode\u003e8a540b5\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2f5343fafb2052c59cf62018252b75da3e7d424a\"\u003e\u003ccode\u003e2f5343f\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2ad9d3fb58801adb7df87873fc299a4e9a5ab199\"\u003e\u003ccode\u003e2ad9d3f\u003c/code\u003e\u003c/a\u003e turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/6f3808e2043d168d4fb6fa3f9184e755076a16b0\"\u003e\u003ccode\u003e6f3808e\u003c/code\u003e\u003c/a\u003e Compiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/fbc7684ecbd360da8af602e50780637fc79354d5\"\u003e\u003ccode\u003efbc7684\u003c/code\u003e\u003c/a\u003e Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/805d758d935beb0abbc70639c6af0fc9d839273b\"\u003e\u003ccode\u003e805d758\u003c/code\u003e\u003c/a\u003e Turbopack: fix filesystem watcher config not applying follow_symlinks(false) ...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/1056fae3565d88719ef41f5b05447ace75e26d7e\"\u003e\u003ccode\u003e1056fae\u003c/code\u003e\u003c/a\u003e chore: Bump reqwest to 0.13.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/d5f649b2f4affdad1009cb178c1e3b37f4f1ad3f\"\u003e\u003ccode\u003ed5f649b\u003c/code\u003e\u003c/a\u003e v16.2.3\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/vercel/next.js/compare/v12.2.0...v16.2.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `next` from 12.3.7 to 16.2.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/vercel/next.js/releases\"\u003enext's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev16.2.4\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92713\"\u003e#92713\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: fix filesystem watcher config not applying follow_symlinks(false) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92631\"\u003e#92631\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eScope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92580\"\u003e#92580\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eCompiler: Support boolean and number primtives in next.config defines (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92731\"\u003e#92731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92725\"\u003e#92725\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error for ChunkGroupInfo::get_index_of (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92814\"\u003e#92814\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92828\"\u003e#92828\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/Badbird5907\"\u003e\u003ccode\u003e@​Badbird5907\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/lukesandberg\"\u003e\u003ccode\u003e@​lukesandberg\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/andrewimm\"\u003e\u003ccode\u003e@​andrewimm\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, and \u003ca href=\"https://github.com/mischnic\"\u003e\u003ccode\u003e@​mischnic\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.3\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see \u003ca href=\"https://vercel.com/changelog/summary-of-cve-2026-23869\"\u003ehttps://vercel.com/changelog/summary-of-cve-2026-23869\u003c/a\u003e. The release does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eEnsure app-page reports stale ISR revalidation errors via onRequestError (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92282\"\u003e#92282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91981\"\u003e#91981\u003c/a\u003e through \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92273\"\u003e#92273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDeduplicate output assets and detect content conflicts on emit (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92292\"\u003e#92292\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix styled-jsx race condition: styles lost due to concurrent rendering (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92459\"\u003e#92459\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eturbo-tasks-backend: stability fixes for task cancellation and error handling (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92254\"\u003e#92254\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCredits\u003c/h3\u003e\n\u003cp\u003eHuge thanks to \u003ca href=\"https://github.com/icyJoseph\"\u003e\u003ccode\u003e@​icyJoseph\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/sokra\"\u003e\u003ccode\u003e@​sokra\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/wbinnssmith\"\u003e\u003ccode\u003e@​wbinnssmith\u003c/code\u003e\u003c/a\u003e, \u003ca href=\"https://github.com/eps1lon\"\u003e\u003ccode\u003e@​eps1lon\u003c/code\u003e\u003c/a\u003e and \u003ca href=\"https://github.com/ztanner\"\u003e\u003ccode\u003e@​ztanner\u003c/code\u003e\u003c/a\u003e for helping!\u003c/p\u003e\n\u003ch2\u003ev16.2.2\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nThis release is backporting bug fixes. It does \u003cstrong\u003enot\u003c/strong\u003e include all pending features/changes on canary.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eCore Changes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ebackport: Move expanded adapters docs to API reference (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92115\"\u003e#92115\u003c/a\u003e) (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92129\"\u003e#92129\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBackport: TypeScript v6 deprecations for baseUrl and moduleResolution (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92130\"\u003e#92130\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[create-next-app] Skip interactive prompts when CLI flags are provided (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91840\"\u003e#91840\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003enext.config.js: Accept an option for serverFastRefresh (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91968\"\u003e#91968\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: enable server HMR for app route handlers (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/91466\"\u003e#91466\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eTurbopack: exclude metadata routes from server HMR (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92034\"\u003e#92034\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix CI for glibc linux builds\u003c/li\u003e\n\u003cli\u003eBackport: disable bmi2 in qfilter \u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92177\"\u003e#92177\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[backport] Fix CSS HMR on Safari (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92174\"\u003e#92174\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2275bd8598c88e8652d1271e74bcf972f72f4f38\"\u003e\u003ccode\u003e2275bd8\u003c/code\u003e\u003c/a\u003e v16.2.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/e07398321a37115626b0271697e51418db109cad\"\u003e\u003ccode\u003ee073983\u003c/code\u003e\u003c/a\u003e Adding more system info to the 'initialize project' trace (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92427\"\u003e#92427\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/8a540b58b683bb79667d6e908d45df0e9e9c9f9c\"\u003e\u003ccode\u003e8a540b5\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (\u003ca href=\"https://redirect.github.com/vercel/next.js/issues/92\"\u003e#92\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vercel/next.js/commit/2f5343fafb2052c59cf62018252b75da3e7d424a\"\u003e\u003ccode\u003e2f5343f\u003c/code\u003e\u003c/a\u003e Turbopack: shorter error for ChunkGroupInfo::ge...\n\n_Description has been truncated_","html_url":"https://github.com/Emadalshamery/verite/pull/10","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Emadalshamery%2Fverite/issues/10","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/10/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-28T21:30:16.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4346354784","node_id":"PR_kwDOLmvpg87Wfzg_","number":4,"state":"closed","title":"Bump the npm_and_yarn group across 2 directories with 28 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-09T03:57:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-28T21:30:16.000Z","updated_at":"2026-05-09T03:57:51.000Z","time_to_close":887253,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":28,"packages":[{"name":"@babel/helpers","old_version":"7.24.0","new_version":"7.29.2","repository_url":"https://github.com/babel/babel"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"ajv","old_version":"8.12.0","new_version":"8.20.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.11","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.1","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"braces","old_version":"3.0.2","new_version":"3.0.3","repository_url":"https://github.com/micromatch/braces"},{"name":"cross-spawn","old_version":"7.0.3","new_version":"7.0.6","repository_url":"https://github.com/moxystudio/node-cross-spawn"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.3","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.1","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.6","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"form-data","old_version":"3.0.1","new_version":"3.0.4","repository_url":"https://github.com/form-data/form-data"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"micromatch","old_version":"4.0.5","new_version":"4.0.8","repository_url":"https://github.com/micromatch/micromatch"},{"name":"nanoid","old_version":"3.3.7","new_version":"3.3.11","repository_url":"https://github.com/ai/nanoid"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"on-headers","old_version":"1.0.2","new_version":"1.1.0","repository_url":"https://github.com/jshttp/on-headers"},{"name":"path-to-regexp","old_version":"0.1.7","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"yaml","old_version":"1.10.2","new_version":"1.10.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"yaml","old_version":"2.4.1","new_version":"2.8.3","repository_url":"https://github.com/eemeli/yaml"},{"name":"rollup","old_version":"2.79.1","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.90.3","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"},{"name":"ws","old_version":"8.16.0","new_version":"8.20.0","repository_url":"https://github.com/websockets/ws"},{"name":"ws","old_version":"7.5.9","new_version":"7.5.10","repository_url":"https://github.com/websockets/ws"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 22 updates in the /evaluation/regression/cases/react-todo/outputs/langchains_agent/workspace/todo-app directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.24.0` | `7.29.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [ajv](https://github.com/ajv-validator/ajv) | `8.12.0` | `8.20.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.1` | `2.1.0` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.3` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.6` | `1.16.0` |\n| [form-data](https://github.com/form-data/form-data) | `3.0.1` | `3.0.4` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [on-headers](https://github.com/jshttp/on-headers) | `1.0.2` | `1.1.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.7` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [yaml](https://github.com/eemeli/yaml) | `1.10.2` | `1.10.3` |\n| [yaml](https://github.com/eemeli/yaml) | `2.4.1` | `2.8.3` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.1` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.90.3` | `5.106.2` |\n| [ws](https://github.com/websockets/ws) | `8.16.0` | `8.20.0` |\n| [ws](https://github.com/websockets/ws) | `7.5.9` | `7.5.10` |\n\nBumps the npm_and_yarn group with 17 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [@babel/helpers](https://github.com/babel/babel/tree/HEAD/packages/babel-helpers) | `7.24.0` | `7.29.2` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `removed` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.11` | `1.1.14` |\n| [braces](https://github.com/micromatch/braces) | `3.0.2` | `3.0.3` |\n| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.3` | `7.0.6` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.1` | `3.4.2` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [micromatch](https://github.com/micromatch/micromatch) | `4.0.5` | `4.0.8` |\n| [nanoid](https://github.com/ai/nanoid) | `3.3.7` | `3.3.11` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [postcss](https://github.com/postcss/postcss) | `8.4.38` | `8.5.12` |\n| [rollup](https://github.com/rollup/rollup) | `4.13.0` | `4.60.2` |\n| [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) | `5.1.6` | `8.0.10` |\n| [prismjs](https://github.com/PrismJS/prism) | `1.27.0` | `1.30.0` |\n\n\nUpdates `@babel/helpers` from 7.24.0 to 7.29.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/babel/babel/releases\"\u003e\u003ccode\u003e@​babel/helpers\u003c/code\u003e's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.29.2 (2026-03-16)\u003c/h2\u003e\n\u003ch4\u003e:eyeglasses: Spec Compliance\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17840\"\u003e#17840\u003c/a\u003e [7.x backport] async x =\u0026gt; {} must be in leading pos (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-helpers\u003c/code\u003e, \u003ccode\u003ebabel-plugin-transform-async-generator-functions\u003c/code\u003e, \u003ccode\u003ebabel-preset-env\u003c/code\u003e, \u003ccode\u003ebabel-runtime-corejs3\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17805\"\u003e#17805\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-preset-env\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17789\"\u003e#17789\u003c/a\u003e [7.x backport] preset-env include/exclude should accept bugfix plugins (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:house: Internal\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17813\"\u003e#17813\u003c/a\u003e chore: update eslint peer deps (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.1 (2026-02-04)\u003c/h2\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17771\"\u003e#17771\u003c/a\u003e [7.x backport] fix: ensure \u003ccode\u003etargets.esmodules\u003c/code\u003e is validated (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-generator\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17776\"\u003e#17776\u003c/a\u003e [7.x backport] Fix undefined when 64 indents (\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003eCommitters: 2\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003eHuáng Jùnliàng (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/liuxingbaoyu\"\u003e\u003ccode\u003e@​liuxingbaoyu\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev7.29.0 (2026-01-31)\u003c/h2\u003e\n\u003cp\u003eThanks \u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e for your first PR!\u003c/p\u003e\n\u003ch4\u003e:rocket: New Feature\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-types\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17750\"\u003e#17750\u003c/a\u003e [7.x backport] Add attributes import declaration builder (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-standalone\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17663\"\u003e#17663\u003c/a\u003e [7.x backport] feat(standalone): export async transform (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17725\"\u003e#17725\u003c/a\u003e [7.x backport] feat: read standalone targets from data-targets (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch4\u003e:bug: Bug Fix\u003c/h4\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003ebabel-parser\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17765\"\u003e#17765\u003c/a\u003e fix(parser): correctly parse type assertions in \u003ccode\u003eextends\u003c/code\u003e clause (\u003ca href=\"https://github.com/nicolo-ribaudo\"\u003e\u003ccode\u003e@​nicolo-ribaudo\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17723\"\u003e#17723\u003c/a\u003e [7.x backport] fix(parser): improve super type argument parsing (\u003ca href=\"https://github.com/JLHwung\"\u003e\u003ccode\u003e@​JLHwung\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17708\"\u003e#17708\u003c/a\u003e fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (\u003ca href=\"https://github.com/simbahax\"\u003e\u003ccode\u003e@​simbahax\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ebabel-plugin-transform-block-scoping\u003c/code\u003e, \u003ccode\u003ebabel-traverse\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://redirect.github.com/babel/babel/pull/17737\"\u003e#17737\u003c/a\u003e [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (\u003ca href=\"https://github.com/magic-akari\"\u003e\u003ccode\u003e@​magic-akari\u003c/code\u003e\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/37d5595fca9f188f0534458180611f2e776acd31\"\u003e\u003ccode\u003e37d5595\u003c/code\u003e\u003c/a\u003e v7.29.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/1c0a08d95ae7e1c788c7e1ae3a10ee53f7c86864\"\u003e\u003ccode\u003e1c0a08d\u003c/code\u003e\u003c/a\u003e [7.x backport] fix: Properly handle await in finally (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17805\"\u003e#17805\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/d7f400889567ae18ef9ac41b024b5120f6060e17\"\u003e\u003ccode\u003ed7f4008\u003c/code\u003e\u003c/a\u003e v7.28.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/99dcba5e71de3bd81ce14077cfa5b6df58e9b177\"\u003e\u003ccode\u003e99dcba5\u003c/code\u003e\u003c/a\u003e chore: enable some ts-eslint rules (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17592\"\u003e#17592\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/c1b55f6ad56523ccc96fa68721de0bed2f2cdb23\"\u003e\u003ccode\u003ec1b55f6\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003eeslint.config.mts\u003c/code\u003e (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17573\"\u003e#17573\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/35055e392079a65830b7bf5b1d1c1fc4de90a78f\"\u003e\u003ccode\u003e35055e3\u003c/code\u003e\u003c/a\u003e v7.28.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/18d88b83c67c8dbbe63e4ac423e6006c4c01b85c\"\u003e\u003ccode\u003e18d88b8\u003c/code\u003e\u003c/a\u003e Improve \u003ccode\u003e@​babel/core\u003c/code\u003e typings (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17471\"\u003e#17471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/ef155f5ca83c73dbc1ea8d95216830b7dc3b0ac2\"\u003e\u003ccode\u003eef155f5\u003c/code\u003e\u003c/a\u003e v7.28.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/741cbd2381ac0cda3afd42bc04454a87d9d8762a\"\u003e\u003ccode\u003e741cbd2\u003c/code\u003e\u003c/a\u003e chore: fix various typos across codebase (\u003ca href=\"https://github.com/babel/babel/tree/HEAD/packages/babel-helpers/issues/17476\"\u003e#17476\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/babel/babel/commit/cac0ff4c3426eed30b4d27e7971b348da7c9f1e6\"\u003e\u003ccode\u003ecac0ff4\u003c/code\u003e\u003c/a\u003e v7.28.2\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/babel/babel/commits/v7.29.2/packages/babel-helpers\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for \u003ccode\u003e@​babel/helpers\u003c/code\u003e since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 8.12.0 to 8.20.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.11 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.1 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/juliangruber/brace-expansion/releases\"\u003ebrace-expansion's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.1.12\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003epkg: publish on tag 1.x  c460dbd\u003c/li\u003e\n\u003cli\u003efmt  ccb8ac6\u003c/li\u003e\n\u003cli\u003eFix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)  c3c73c8\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\"\u003ehttps://github.com/juliangruber/brace-expansion/compare/v1.1.11...v1.1.12\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/44f33b47c5c6a965d507421af43e86cf5971d711\"\u003e\u003ccode\u003e44f33b4\u003c/code\u003e\u003c/a\u003e 1.1.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c460dbd68e428d147b2080622d8ce126c7a08570\"\u003e\u003ccode\u003ec460dbd\u003c/code\u003e\u003c/a\u003e pkg: publish on tag 1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/ccb8ac6d4292b7661b677fe048ba6690c877f51f\"\u003e\u003ccode\u003eccb8ac6\u003c/code\u003e\u003c/a\u003e fmt\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/c3c73c8b088defc70851843be88ccc3af08e7217\"\u003e\u003ccode\u003ec3c73c8\u003c/code\u003e\u003c/a\u003e Fix potential ReDoS Vulnerability or Inefficient Regular Expression (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/65\"\u003e#65\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `braces` from 3.0.2 to 3.0.3\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/74b2db2938fad48a2ea54a9c8bf27a37a62c350d\"\u003e\u003ccode\u003e74b2db2\u003c/code\u003e\u003c/a\u003e 3.0.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/88f1429a0f47e1dd3813de35211fc97ffda27f9e\"\u003e\u003ccode\u003e88f1429\u003c/code\u003e\u003c/a\u003e update eslint. lint, fix unit tests.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/415d660c3002d1ab7e63dbf490c9851da80596ff\"\u003e\u003ccode\u003e415d660\u003c/code\u003e\u003c/a\u003e Snyk js braces 6838727 (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/40\"\u003e#40\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/190510f79db1adf21d92798b0bb6fccc1f72c9d6\"\u003e\u003ccode\u003e190510f\u003c/code\u003e\u003c/a\u003e fix tests, skip 1 test in test/braces.expand\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/716eb9f12d820b145a831ad678618731927e8856\"\u003e\u003ccode\u003e716eb9f\u003c/code\u003e\u003c/a\u003e readme bump\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/a5851e57f45c3431a94d83fc565754bc10f5bbc3\"\u003e\u003ccode\u003ea5851e5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/braces/issues/37\"\u003e#37\u003c/a\u003e from coderaiser/fix/vulnerability\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/2092bd1fb108d2c59bd62e243b70ad98db961538\"\u003e\u003ccode\u003e2092bd1\u003c/code\u003e\u003c/a\u003e feature: braces: add maxSymbols (\u003ca href=\"https://github.com/micromatch/braces/issues/\"\u003ehttps://github.com/micromatch/braces/issues/\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/9f5b4cf47329351bcb64287223ffb6ecc9a5e6d3\"\u003e\u003ccode\u003e9f5b4cf\u003c/code\u003e\u003c/a\u003e fix: vulnerability (\u003ca href=\"https://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\"\u003ehttps://security.snyk.io/vuln/SNYK-JS-BRACES-6838727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/98414f9f1fabe021736e26836d8306d5de747e0d\"\u003e\u003ccode\u003e98414f9\u003c/code\u003e\u003c/a\u003e remove funding file\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/braces/commit/665ab5d561c017a38ba7aafd92cc6655b91d8c14\"\u003e\u003ccode\u003e665ab5d\u003c/code\u003e\u003c/a\u003e update keepEscaping doc (\u003ca href=\"https://redirect.github.com/micromatch/braces/issues/27\"\u003e#27\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/braces/compare/3.0.2...3.0.3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `cross-spawn` from 7.0.3 to 7.0.6\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md\"\u003ecross-spawn's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.5...v7.0.6\"\u003e7.0.6\u003c/a\u003e (2024-11-18)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eupdate cross-spawn version to 7.0.5 in package-lock.json (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003ef700743\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.4...v7.0.5\"\u003e7.0.5\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix escaping bug introduced by backtracking (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e640d391\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.4\"\u003e7.0.4\u003c/a\u003e (2024-11-07)\u003c/h3\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003edisable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e) (\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e5ff3a07\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/77cd97f3ca7b62c904a63a698fc4a79bf41977d0\"\u003e\u003ccode\u003e77cd97f\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/6717de49ff1e5de49622488dcb9c33fb25370c85\"\u003e\u003ccode\u003e6717de4\u003c/code\u003e\u003c/a\u003e chore: upgrade standard-version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/f700743918d901eff92960e15a8dd68f87bd4176\"\u003e\u003ccode\u003ef700743\u003c/code\u003e\u003c/a\u003e fix: update cross-spawn version to 7.0.5 in package-lock.json\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9a7e3b2165917367f74b8365faad9873b30d7263\"\u003e\u003ccode\u003e9a7e3b2\u003c/code\u003e\u003c/a\u003e chore: fix build status badge\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/085268352dcbcad8064c64c5efb25268b4023184\"\u003e\u003ccode\u003e0852683\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\"\u003e\u003ccode\u003e640d391\u003c/code\u003e\u003c/a\u003e fix: fix escaping bug introduced by backtracking\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/bff0c87c8b627c4e6d04ec2449e733048bebb464\"\u003e\u003ccode\u003ebff0c87\u003c/code\u003e\u003c/a\u003e chore: remove codecov\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/a7c6abc6fee79641d45b452fe6217deaa1bd0973\"\u003e\u003ccode\u003ea7c6abc\u003c/code\u003e\u003c/a\u003e chore: replace travis with github workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/9b9246e0969e86656d7ccd527716bc3c18842a19\"\u003e\u003ccode\u003e9b9246e\u003c/code\u003e\u003c/a\u003e chore(release): 7.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\"\u003e\u003ccode\u003e5ff3a07\u003c/code\u003e\u003c/a\u003e fix: disable regexp backtracking (\u003ca href=\"https://redirect.github.com/moxystudio/node-cross-spawn/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/moxystudio/node-cross-spawn/compare/v7.0.3...v7.0.6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.3 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.1 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.1...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.6 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/21ef28a544c5e57f4c34b8476d75f2144609a1eb\"\u003e\u003ccode\u003e21ef28a\u003c/code\u003e\u003c/a\u003e Release version 1.15.11 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7c88135da3bd0681a7e156ee66b16b2f6f98b480\"\u003e\u003ccode\u003e7c88135\u003c/code\u003e\u003c/a\u003e Roll back tree shaking.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/6e389ba094beec211a8847788a146917a16c1bdb\"\u003e\u003ccode\u003e6e389ba\u003c/code\u003e\u003c/a\u003e Release version 1.15.10 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5bc496e0229abda823221e0c6267926a3f93f262\"\u003e\u003ccode\u003e5bc496e\u003c/code\u003e\u003c/a\u003e Shake me up before you go-go.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/694d6b47a42bc8377e5ef1480394de451e16bd5b\"\u003e\u003ccode\u003e694d6b4\u003c/code\u003e\u003c/a\u003e Bump minimist from 1.2.5 to 1.2.8\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.6...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `form-data` from 3.0.1 to 3.0.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/releases\"\u003eform-data's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.2\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003enpmignore temporary build files (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/532\"\u003e#532\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003emove util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eTests\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003emigrate from travis to GHA\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/form-data/form-data/blob/master/CHANGELOG.md\"\u003eform-data's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.3...v3.0.4\"\u003ev3.0.4\u003c/a\u003e - 2025-07-16\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/577\"\u003e\u003ccode\u003e[#577](https://github.com/form-data/form-data/issues/577)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[eslint] update linting config \u003ca href=\"https://github.com/form-data/form-data/commit/f5e7eb024bc3fc7e2074ff80f143a4f4cbc1dbda\"\u003e\u003ccode\u003ef5e7eb0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23 \u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values \u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003ehasown\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/1a78b5dd05e508d67e97764d812ac7c6d92ea88d\"\u003e\u003ccode\u003e1a78b5d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method \u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] add tests to check the behavior of \u003ccode\u003egetBoundary\u003c/code\u003e with non-strings \u003ca href=\"https://github.com/form-data/form-data/commit/b22a64ef94ba4f3f6ff7d1ac72a54cca128567df\"\u003e\u003ccode\u003eb22a64e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] actually ensure the readme backup isn’t published \u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] remove local commit hooks \u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] remove unused deps \u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix scripts to use prepublishOnly \u003ca href=\"https://github.com/form-data/form-data/commit/11d9f7338f18a59b431832a3562b49baece0a432\"\u003e\u003ccode\u003e11d9f73\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[meta] fix readme capitalization \u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.2...v3.0.3\"\u003ev3.0.3\u003c/a\u003e - 2025-02-14\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/573\"\u003e\u003ccode\u003e[#573](https://github.com/form-data/form-data/issues/573)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] set \u003ccode\u003eSymbol.toStringTag\u003c/code\u003e when available (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/573\"\u003e#573\u003c/a\u003e) \u003ca href=\"https://redirect.github.com/form-data/form-data/issues/396\"\u003e\u003ccode\u003e[#396](https://github.com/form-data/form-data/issues/396)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Refactor] use \u003ccode\u003eObject.prototype.hasOwnProperty.call\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/7fecefe4ba8f775634aff86a698776ad95ecffb5\"\u003e\u003ccode\u003e7fecefe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@types/node\u003c/code\u003e, \u003ccode\u003ebrowserify\u003c/code\u003e, \u003ccode\u003ecoveralls\u003c/code\u003e, \u003ccode\u003ecross-spawn\u003c/code\u003e, \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003eformidable\u003c/code\u003e, \u003ccode\u003ein-publish\u003c/code\u003e, \u003ccode\u003epkgfiles\u003c/code\u003e, \u003ccode\u003epre-commit\u003c/code\u003e, \u003ccode\u003epuppeteer\u003c/code\u003e, \u003ccode\u003erequest\u003c/code\u003e, \u003ccode\u003etape\u003c/code\u003e, \u003ccode\u003etypescript\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/8261fcb8bf5944d30ae3bd04b91b71d6a9932ef4\"\u003e\u003ccode\u003e8261fcb\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eOnly apps should have lockfiles \u003ca href=\"https://github.com/form-data/form-data/commit/b82f59093cdbadb4b7ec0922d33ae7ab048b82ff\"\u003e\u003ccode\u003eb82f590\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] pin \u003ccode\u003erequest\u003c/code\u003e which via \u003ccode\u003etough-cookie\u003c/code\u003e ^2.4 depends on \u003ccode\u003epsl\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/e5df7f24383342264bd73dee3274818a40d04065\"\u003e\u003ccode\u003ee5df7f2\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003emime-types\u003c/code\u003e \u003ca href=\"https://github.com/form-data/form-data/commit/5a5bafee894fead10da49e1fa2b084e17f2e1034\"\u003e\u003ccode\u003e5a5bafe\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.2\"\u003ev3.0.2\u003c/a\u003e - 2024-10-10\u003c/h2\u003e\n\u003ch3\u003eMerged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix (npmignore): ignore temporary build files \u003ca href=\"https://redirect.github.com/form-data/form-data/pull/532\"\u003e\u003ccode\u003e[#532](https://github.com/form-data/form-data/issues/532)\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eCommits\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e[Tests] migrate from travis to GHA \u003ca href=\"https://github.com/form-data/form-data/commit/8fdb3bc6b5d001f8909a9fca391d1d1d97ef1d79\"\u003e\u003ccode\u003e8fdb3bc\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e[eslint] clean up ignores \u003ca href=\"https://github.com/form-data/form-data/commit/3217b3ded8e382e51171d5c74c6038a21cc54440\"\u003e\u003ccode\u003e3217b3d\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: move util.isArray to Array.isArray (\u003ca href=\"https://redirect.github.com/form-data/form-data/issues/564\"\u003e#564\u003c/a\u003e) \u003ca href=\"https://github.com/form-data/form-data/commit/edb555a811f6f7e4668db4831551cf41c1de1cac\"\u003e\u003ccode\u003eedb555a\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/9c82fcdf0858b2764060a87803a55375ffbee6ed\"\u003e\u003ccode\u003e9c82fcd\u003c/code\u003e\u003c/a\u003e v3.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/e8c574cb07ff3a0de2ecc0912d783ef22e190c1f\"\u003e\u003ccode\u003ee8c574c\u003c/code\u003e\u003c/a\u003e [Tests] handle predict-v8-randomness failures in node \u0026lt; 17 and node \u0026gt; 23\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/c6ced61d4fae8f617ee2fd692133ed87baa5d0fd\"\u003e\u003ccode\u003ec6ced61\u003c/code\u003e\u003c/a\u003e [Fix] Switch to using \u003ccode\u003ecrypto\u003c/code\u003e random for boundary values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/01508513ffb26fd662ae7027834b325af8efb9ea\"\u003e\u003ccode\u003e0150851\u003c/code\u003e\u003c/a\u003e [meta] actually ensure the readme backup isn’t published\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc38b4834a117a1856f3d877eb2f5b7496a24932\"\u003e\u003ccode\u003efc38b48\u003c/code\u003e\u003c/a\u003e [meta] fix readme capitalization\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/d2eb290a3e47ed5bcad7020d027daa15b3cf5ef5\"\u003e\u003ccode\u003ed2eb290\u003c/code\u003e\u003c/a\u003e [meta] add \u003ccode\u003eauto-changelog\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/fc42bb9315b641bfa6dae51cb4e188a86bb04769\"\u003e\u003ccode\u003efc42bb9\u003c/code\u003e\u003c/a\u003e [meta] remove local commit hooks\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/a14d09ea8ed7e0a2e1705269ce6fb54bb7ee6bdb\"\u003e\u003ccode\u003ea14d09e\u003c/code\u003e\u003c/a\u003e [Dev Deps] remove unused deps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/002b9b0c4862576305292ac44f7be25ec7ccea0e\"\u003e\u003ccode\u003e002b9b0\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eappend\u003c/code\u003e: avoid a crash on nullish values\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/form-data/form-data/commit/70bbaa0b395ca0fb975c309de8d7286979254cc4\"\u003e\u003ccode\u003e70bbaa0\u003c/code\u003e\u003c/a\u003e [Fix] validate boundary type in \u003ccode\u003esetBoundary()\u003c/code\u003e method\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/form-data/form-data/compare/v3.0.1...v3.0.4\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ljharb\"\u003eljharb\u003c/a\u003e, a new releaser for form-data since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepublish\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `micromatch` from 4.0.5 to 4.0.8\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/releases\"\u003emicromatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.0.8\u003c/h2\u003e\n\u003cp\u003eUltimate release that fixes both CVE-2024-4067 and CVE-2024-4068. We consider the issues low-priority, so even if you see automated scanners saying otherwise, don't be scared.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md\"\u003emicromatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[4.0.8] - 2024-08-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ebackported CVE-2024-4067 fix (from v4.0.6) over to 4.x branch\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.7] - 2024-05-22\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ethis is basically v4.0.5, with some README updates\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eit is vulnerable to CVE-2024-4067\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eUpdated braces to v3.0.3 to avoid CVE-2024-4068\u003c/li\u003e\n\u003cli\u003edoes NOT break API compatibility\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.6] - 2024-05-21\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003ehasBraces\u003c/code\u003e to check if a pattern contains braces.\u003c/li\u003e\n\u003cli\u003eFixes CVE-2024-4067\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eBREAKS API COMPATIBILITY\u003c/strong\u003e\u003c/li\u003e\n\u003cli\u003eShould be labeled as a major release, but it's not.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/8bd704ec0d9894693d35da425d827819916be920\"\u003e\u003ccode\u003e8bd704e\u003c/code\u003e\u003c/a\u003e 4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/a0e68416a44da10f3e4e30845ab95af4fd286d5a\"\u003e\u003ccode\u003ea0e6841\u003c/code\u003e\u003c/a\u003e run verb to generate README documentation\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/4ec288484f6e8cccf597ad3d43529c31d0f7a02a\"\u003e\u003ccode\u003e4ec2884\u003c/code\u003e\u003c/a\u003e Merge branch 'v4' into hauserkristof-feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade\"\u003e\u003ccode\u003e03aa805\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/micromatch/issues/266\"\u003e#266\u003c/a\u003e from hauserkristof/feature/v4.0.8\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/814f5f70efcd100ca9d29198867812a3d6ab91a8\"\u003e\u003ccode\u003e814f5f7\u003c/code\u003e\u003c/a\u003e lint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/67fcce6a1077c2faf5ad0c5f998fa70202cc5dae\"\u003e\u003ccode\u003e67fcce6\u003c/code\u003e\u003c/a\u003e fix: CHANGELOG about braces \u0026amp; CVE-2024-4068, v4.0.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/113f2e3fa7cb30b429eda7c4c38475a8e8ba1b30\"\u003e\u003ccode\u003e113f2e3\u003c/code\u003e\u003c/a\u003e fix: CVE numbers in CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/d9dbd9a266686f44afb38da26fe016f96d1ec04f\"\u003e\u003ccode\u003ed9dbd9a\u003c/code\u003e\u003c/a\u003e feat: updated CHANGELOG\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/2ab13157f416679f54e3a32b1425e184bd16749e\"\u003e\u003ccode\u003e2ab1315\u003c/code\u003e\u003c/a\u003e fix: use actions/setup-node@v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/micromatch/commit/1406ea38f3e24b29f4d4f46908d5cffcb3e6c4ce\"\u003e\u003ccode\u003e1406ea3\u003c/code\u003e\u003c/a\u003e feat: rework test to work on macos with node 10,12 and 14\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/micromatch/micromatch/compare/4.0.5...4.0.8\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `nanoid` from 3.3.7 to 3.3.11\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ai/nanoid/releases\"\u003enanoid's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.3.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support (by \u003ca href=\"https://github.com/steida\"\u003e\u003ccode\u003e@​steida\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced npm package size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ai/nanoid/blob/main/CHANGELOG.md\"\u003enanoid's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e3.3.11\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.10\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed React Native support (by \u003ca href=\"https://github.com/steida\"\u003e\u003ccode\u003e@​steida\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.9\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced npm package size.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.3.8\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed a way to break Nano ID by passing non-integer size (by \u003ca href=\"https://github.com/myndzi\"\u003e\u003ccode\u003e@​myndzi\u003c/code\u003e\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/37289ceee51a3194a1f121a1e5d2bbb864076b74\"\u003e\u003ccode\u003e37289ce\u003c/code\u003e\u003c/a\u003e Release 3.3.11 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/23690b77719ec8043c2509d28c1d74b0e2295b75\"\u003e\u003ccode\u003e23690b7\u003c/code\u003e\u003c/a\u003e Fix CI\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/c147962de7f5da3311a0e731030a28f49c5266a3\"\u003e\u003ccode\u003ec147962\u003c/code\u003e\u003c/a\u003e Fix RN support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/a83734e28fa071f51fe3614a5fb891f08a4b91b2\"\u003e\u003ccode\u003ea83734e\u003c/code\u003e\u003c/a\u003e Move to manually ESM/CJS dual package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/bb12e8a6f9c37ebe0b5ff2c697b8f9dcf34c8948\"\u003e\u003ccode\u003ebb12e8a\u003c/code\u003e\u003c/a\u003e Release 3.3.10 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/8f44264cd724080447f40620974163f1daca4612\"\u003e\u003ccode\u003e8f44264\u003c/code\u003e\u003c/a\u003e Fix Expo support\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/adf9b0c05eeeebbbf391c16bbd93da2fc275e235\"\u003e\u003ccode\u003eadf9b0c\u003c/code\u003e\u003c/a\u003e Release 3.3.9 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/1c6f08825b4f17c4462bd1c19dbc3f1c5626b76f\"\u003e\u003ccode\u003e1c6f088\u003c/code\u003e\u003c/a\u003e Remove dev file from npm package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/3044cd5e73f4cf31795f61f6e6b961c8c0a5c744\"\u003e\u003ccode\u003e3044cd5\u003c/code\u003e\u003c/a\u003e Release 3.3.8 version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ai/nanoid/commit/4fe34959c34e5b3573889ed4f24fe91d1d3e7231\"\u003e\u003ccode\u003e4fe3495\u003c/code\u003e\u003c/a\u003e Update size limit\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/ai/nanoid/compare/3.3.7...3.3.11\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signatu...\n\n_Description has been truncated_","html_url":"https://github.com/halilertekin/OpenDevin/pull/4","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/halilertekin%2FOpenDevin/issues/4","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/4/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":"/frontend","pr_created_at":"2026-04-25T17:46:33.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4328824649","node_id":"PR_kwDOSLpcPc7VoDsa","number":52,"state":"closed","title":"Bump jsonpath from 1.1.1 to 1.3.0 in /frontend","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T18:38:53.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T17:46:33.000Z","updated_at":"2026-04-25T18:39:00.000Z","time_to_close":3140,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"}],"path":"/frontend","ecosystem":"npm"},"body":"Bumps [jsonpath](https://github.com/dchester/jsonpath) from 1.1.1 to 1.3.0.\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=jsonpath\u0026package-manager=npm_and_yarn\u0026previous-version=1.1.1\u0026new-version=1.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\nYou can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Zintradev/ML-Threat-Dashboard/network/alerts).\n\n\u003c/details\u003e","html_url":"https://github.com/Zintradev/ML-Threat-Dashboard/pull/52","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zintradev%2FML-Threat-Dashboard/issues/52","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/52/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-25T16:20:23.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4328627121","node_id":"PR_kwDOSLpcPc7Vnc38","number":39,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 16 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T16:40:00.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T16:20:23.000Z","updated_at":"2026-04-25T16:40:08.000Z","time_to_close":1177,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":16,"packages":[{"name":"axios","old_version":"1.12.2","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.102.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 15 updates in the /frontend directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.12.2` | `1.15.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.102.0` | `5.106.2` |\n\n\nUpdates `axios` from 1.12.2 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 alignment and \u003ccode\u003emain\u003c/code\u003e entry compatibility fix).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Features:\u003c/strong\u003e No new end-user features were introduced in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTest Coverage Expansion:\u003c/strong\u003e Added broader smoke/module test coverage for CJS and ESM package usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7510\"\u003e#7510\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Trim trailing CRLF in normalised header values. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7456\"\u003e#7456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2:\u003c/strong\u003e Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7457\"\u003e#7457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Cancel \u003ccode\u003eReadableStream\u003c/code\u003e created during request-stream capability probing to prevent async resource leaks. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7515\"\u003e#7515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed env proxy behavior with \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7499\"\u003e#7499\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 - April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.14.0 - March 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the \u003ccode\u003eformidable\u003c/code\u003e dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormidable Vulnerability:\u003c/strong\u003e Upgraded \u003ccode\u003eformidable\u003c/code\u003e from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7533\"\u003e#7533\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.12.2...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb444c99c0e87b68961\"\u003e\u003ccode\u003eb0cfe7c\u003c/code\u003e\u003c/a\u003e [Tests] increase coverage\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/d9b4c6630337...\n\n_Description has been truncated_","html_url":"https://github.com/Zintradev/ML-Threat-Dashboard/pull/39","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zintradev%2FML-Threat-Dashboard/issues/39","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/39/packages"}},{"old_version":"1.1.1","new_version":"1.3.0","update_type":"minor","path":null,"pr_created_at":"2026-04-25T11:57:32.000Z","version_change":"1.1.1 → 1.3.0","issue":{"uuid":"4328024647","node_id":"PR_kwDOSLpcPc7VlqRN","number":2,"state":"closed","title":"Bump the npm_and_yarn group across 1 directory with 17 updates","user":"dependabot[bot]","labels":["dependencies","javascript"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-04-25T12:30:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T11:57:32.000Z","updated_at":"2026-04-25T12:30:43.000Z","time_to_close":1981,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","group_name":"npm_and_yarn","update_count":17,"packages":[{"name":"axios","old_version":"1.12.2","new_version":"1.15.0","repository_url":"https://github.com/axios/axios"},{"name":"js-yaml","old_version":"3.14.1","new_version":"3.14.2","repository_url":"https://github.com/nodeca/js-yaml"},{"name":"ajv","old_version":"6.12.6","new_version":"6.15.0","repository_url":"https://github.com/ajv-validator/ajv"},{"name":"brace-expansion","old_version":"1.1.12","new_version":"1.1.14","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"brace-expansion","old_version":"2.0.2","new_version":"2.1.0","repository_url":"https://github.com/juliangruber/brace-expansion"},{"name":"minimatch","old_version":"3.1.2","new_version":"3.1.5","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"9.0.5","new_version":"9.0.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"minimatch","old_version":"5.1.6","new_version":"5.1.9","repository_url":"https://github.com/isaacs/minimatch"},{"name":"flatted","old_version":"3.3.3","new_version":"3.4.2","repository_url":"https://github.com/WebReflection/flatted"},{"name":"follow-redirects","old_version":"1.15.11","new_version":"1.16.0","repository_url":"https://github.com/follow-redirects/follow-redirects"},{"name":"jsonpath","old_version":"1.1.1","new_version":"1.3.0","repository_url":"https://github.com/dchester/jsonpath"},{"name":"lodash","old_version":"4.17.21","new_version":"4.18.1","repository_url":"https://github.com/lodash/lodash"},{"name":"node-forge","old_version":"1.3.1","new_version":"1.4.0","repository_url":"https://github.com/digitalbazaar/forge"},{"name":"path-to-regexp","old_version":"0.1.12","new_version":"0.1.13","repository_url":"https://github.com/pillarjs/path-to-regexp"},{"name":"picomatch","old_version":"2.3.1","new_version":"2.3.2","repository_url":"https://github.com/micromatch/picomatch"},{"name":"qs","old_version":"6.13.0","new_version":"6.15.1","repository_url":"https://github.com/ljharb/qs"},{"name":"react-router","old_version":"7.9.3","new_version":"7.14.2","repository_url":"https://github.com/remix-run/react-router"},{"name":"rollup","old_version":"2.79.2","new_version":"2.80.0","repository_url":"https://github.com/rollup/rollup"},{"name":"webpack","old_version":"5.102.0","new_version":"5.106.2","repository_url":"https://github.com/webpack/webpack"}],"path":null,"ecosystem":"npm"},"body":"Bumps the npm_and_yarn group with 16 updates in the /frontend/ml-threat-dashboard directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [axios](https://github.com/axios/axios) | `1.12.2` | `1.15.0` |\n| [js-yaml](https://github.com/nodeca/js-yaml) | `3.14.1` | `3.14.2` |\n| [ajv](https://github.com/ajv-validator/ajv) | `6.12.6` | `6.15.0` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `1.1.12` | `1.1.14` |\n| [brace-expansion](https://github.com/juliangruber/brace-expansion) | `2.0.2` | `2.1.0` |\n| [minimatch](https://github.com/isaacs/minimatch) | `3.1.2` | `3.1.5` |\n| [minimatch](https://github.com/isaacs/minimatch) | `9.0.5` | `9.0.9` |\n| [minimatch](https://github.com/isaacs/minimatch) | `5.1.6` | `5.1.9` |\n| [flatted](https://github.com/WebReflection/flatted) | `3.3.3` | `3.4.2` |\n| [follow-redirects](https://github.com/follow-redirects/follow-redirects) | `1.15.11` | `1.16.0` |\n| [jsonpath](https://github.com/dchester/jsonpath) | `1.1.1` | `1.3.0` |\n| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.18.1` |\n| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.1` | `1.4.0` |\n| [path-to-regexp](https://github.com/pillarjs/path-to-regexp) | `0.1.12` | `0.1.13` |\n| [picomatch](https://github.com/micromatch/picomatch) | `2.3.1` | `2.3.2` |\n| [qs](https://github.com/ljharb/qs) | `6.13.0` | `6.15.1` |\n| [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) | `7.9.3` | `7.14.2` |\n| [rollup](https://github.com/rollup/rollup) | `2.79.2` | `2.80.0` |\n| [webpack](https://github.com/webpack/webpack) | `5.102.0` | `5.106.2` |\n\n\nUpdates `axios` from 1.12.2 to 1.15.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/releases\"\u003eaxios's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches, adds runtime support for Deno and Bun, and includes significant CI hardening, documentation improvements, and routine dependency updates.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeprecation:\u003c/strong\u003e \u003ccode\u003eurl.parse()\u003c/code\u003e usage has been replaced to address Node.js deprecation warnings. If you are on a recent version of Node.js, this resolves console warnings you may have been seeing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed a \u003ccode\u003eno_proxy\u003c/code\u003e hostname normalisation bypass that could lead to Server-Side Request Forgery (SSRF). (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHeader Injection:\u003c/strong\u003e Fixed an unrestricted cloud metadata exfiltration vulnerability via a header injection chain. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Support:\u003c/strong\u003e Added compatibility checks and documentation for Deno and Bun environments. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10653\"\u003e#10653\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eCI Security:\u003c/strong\u003e Hardened workflow permissions to least privilege, added the \u003ccode\u003ezizmor\u003c/code\u003e security scanner, pinned action versions, and gated npm publishing with OIDC and environment protection. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e, and \u003ccode\u003edenoland/setup-deno\u003c/code\u003e to latest versions. Added a 7-day Dependabot cooldown period. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eDocumentation:\u003c/strong\u003e Unified docs, improved \u003ccode\u003ebeforeRedirect\u003c/code\u003e credential leakage example, clarified \u003ccode\u003ewithCredentials\u003c/code\u003e/\u003ccode\u003ewithXSRFToken\u003c/code\u003e behaviour, HTTP/2 support notes, async/await timeout error handling, header case preservation, and various typo fixes. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10649\"\u003e#10649\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7471\"\u003e#7471\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHousekeeping:\u003c/strong\u003e Removed stale files, regenerated lockfile, and updated sponsor scripts and blocks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10584\"\u003e#10584\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10650\"\u003e#10650\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10582\"\u003e#10582\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10640\"\u003e#10640\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10659\"\u003e#10659\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTests:\u003c/strong\u003e Added regression coverage for urlencoded \u003ccode\u003eContent-Type\u003c/code\u003e casing. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve Axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/theamodhshetty\"\u003e\u003ccode\u003e@​theamodhshetty\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7452\"\u003e#7452\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev1.14.0\u003c/h2\u003e\n\u003cp\u003eThis release focuses on compatibility fixes, adapter stability improvements, and test/tooling modernisation.\u003c/p\u003e\n\u003ch2\u003e⚠️ Important Changes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking Changes:\u003c/strong\u003e None identified in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eAction Required:\u003c/strong\u003e If you rely on env-based proxy behaviour or CJS resolution edge-cases, validate your integration after upgrade (notably \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 alignment and \u003ccode\u003emain\u003c/code\u003e entry compatibility fix).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRuntime Features:\u003c/strong\u003e No new end-user features were introduced in this release.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eTest Coverage Expansion:\u003c/strong\u003e Added broader smoke/module test coverage for CJS and ESM package usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7510\"\u003e#7510\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHeaders:\u003c/strong\u003e Trim trailing CRLF in normalised header values. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7456\"\u003e#7456\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHTTP/2:\u003c/strong\u003e Close detached HTTP/2 sessions on timeout to avoid lingering sessions. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7457\"\u003e#7457\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eFetch Adapter:\u003c/strong\u003e Cancel \u003ccode\u003eReadableStream\u003c/code\u003e created during request-stream capability probing to prevent async resource leaks. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7515\"\u003e#7515\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eProxy Handling:\u003c/strong\u003e Fixed env proxy behavior with \u003ccode\u003eproxy-from-env\u003c/code\u003e v2 usage. (\u003ca href=\"https://redirect.github.com/axios/axios/pull/7499\"\u003e#7499\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/axios/axios/blob/v1.x/CHANGELOG.md\"\u003eaxios's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.15.0 - April 7, 2026\u003c/h2\u003e\n\u003cp\u003eThis release delivers two critical security patches targeting header injection and SSRF via proxy bypass, adds official runtime support for Deno and Bun, and includes significant CI security hardening.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eHeader Injection (CRLF):\u003c/strong\u003e Rejects any header value containing \u003ccode\u003e\\r\u003c/code\u003e or \u003ccode\u003e\\n\u003c/code\u003e characters to block CRLF injection chains that could be used to exfiltrate cloud metadata (IMDS). Behavior change: headers with CR/LF now throw \u003ccode\u003e\u0026quot;Invalid character in header content\u0026quot;\u003c/code\u003e. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10660\"\u003e#10660\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eSSRF via \u003ccode\u003eno_proxy\u003c/code\u003e Bypass:\u003c/strong\u003e Introduces a \u003ccode\u003eshouldBypassProxy\u003c/code\u003e helper that normalises hostnames (strips trailing dots, handles bracketed IPv6) before evaluating \u003ccode\u003eno_proxy\u003c/code\u003e/\u003ccode\u003eNO_PROXY\u003c/code\u003e rules, closing a gap that could cause loopback or internal hosts to be inadvertently proxied. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🚀 New Features\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eDeno \u0026amp; Bun Runtime Support:\u003c/strong\u003e Added full smoke test suites for Deno and Bun, with CI workflows that run both runtimes before any release is cut. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10652\"\u003e#10652\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eNode.js v22 Compatibility:\u003c/strong\u003e Replaced deprecated \u003ccode\u003eurl.parse()\u003c/code\u003e calls with the WHATWG \u003ccode\u003eURL\u003c/code\u003e/\u003ccode\u003eURLSearchParams\u003c/code\u003e API across examples, sandbox, and tests, eliminating \u003ccode\u003eDEP0169\u003c/code\u003e deprecation warnings on Node.js v22+. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🔧 Maintenance \u0026amp; Chores\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eCI Security Hardening:\u003c/strong\u003e Added \u003ca href=\"https://github.com/zizmorcore/zizmor\"\u003ezizmor\u003c/a\u003e GitHub Actions security scanner; switched npm publish to OIDC Trusted Publishing (removing the long-lived \u003ccode\u003eNODE_AUTH_TOKEN\u003c/code\u003e); pinned all action references to full commit SHAs; narrowed workflow permissions to least privilege; gated the publish step behind a dedicated \u003ccode\u003enpm-publish\u003c/code\u003e environment; and blocked the sponsor-block workflow from running on forks. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10627\"\u003e#10627\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDocs:\u003c/strong\u003e Clarified HTTP/2 support and the unsupported \u003ccode\u003ehttpVersion\u003c/code\u003e option; added documentation for header case preservation; improved the \u003ccode\u003ebeforeRedirect\u003c/code\u003e example to prevent accidental credential leakage. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10654\"\u003e#10654\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003e\u003cstrong\u003eDependencies:\u003c/strong\u003e Bumped \u003ccode\u003epicomatch\u003c/code\u003e, \u003ccode\u003ehandlebars\u003c/code\u003e, \u003ccode\u003eserialize-javascript\u003c/code\u003e, \u003ccode\u003evite\u003c/code\u003e (×3), \u003ccode\u003edenoland/setup-deno\u003c/code\u003e, and 4 additional dev dependencies to latest versions. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10564\"\u003e#10564\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10565\"\u003e#10565\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10567\"\u003e#10567\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10568\"\u003e#10568\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10572\"\u003e#10572\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10574\"\u003e#10574\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e\u003c/strong\u003e)\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🌟 New Contributors\u003c/h2\u003e\n\u003cp\u003eWe are thrilled to welcome our new contributors. Thank you for helping improve axios:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Kilros0817\"\u003e\u003ccode\u003e@​Kilros0817\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10625\"\u003e#10625\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/shaanmajid\"\u003e\u003ccode\u003e@​shaanmajid\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10616\"\u003e#10616\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10617\"\u003e#10617\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10618\"\u003e#10618\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10619\"\u003e#10619\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10637\"\u003e#10637\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10641\"\u003e#10641\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/ashstrc\"\u003e\u003ccode\u003e@​ashstrc\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10624\"\u003e#10624\u003c/a\u003e\u003c/strong\u003e, \u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10644\"\u003e#10644\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/Abhi3975\"\u003e\u003ccode\u003e@​Abhi3975\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10589\"\u003e#10589\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://github.com/raashish1601\"\u003e\u003ccode\u003e@​raashish1601\u003c/code\u003e\u003c/a\u003e\u003c/strong\u003e (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/10573\"\u003e#10573\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003ca href=\"https://github.com/axios/axios/compare/v1.14.0...v1.15.0\"\u003eFull Changelog\u003c/a\u003e\u003c/p\u003e\n\u003chr /\u003e\n\u003ch2\u003ev1.14.0 - March 27, 2026\u003c/h2\u003e\n\u003cp\u003eThis release fixes a security vulnerability in the \u003ccode\u003eformidable\u003c/code\u003e dependency, resolves a CommonJS compatibility regression, hardens proxy and HTTP/2 handling, and modernises the build and test toolchain.\u003c/p\u003e\n\u003ch2\u003e🔒 Security Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eFormidable Vulnerability:\u003c/strong\u003e Upgraded \u003ccode\u003eformidable\u003c/code\u003e from v2 to v3 to address a reported arbitrary-file vulnerability. Updated test server and assertions to align with the v3 API. (\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/axios/axios/issues/7533\"\u003e#7533\u003c/a\u003e\u003c/strong\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e🐛 Bug Fixes\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/772a4e54ecc4cc2421e2b746daff0aca10f359d7\"\u003e\u003ccode\u003e772a4e5\u003c/code\u003e\u003c/a\u003e chore(release): prepare release 1.15.0 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10671\"\u003e#10671\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/4b071371be2f810b4bc7797a13838e0f806ebb22\"\u003e\u003ccode\u003e4b07137\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.0 to 8.0.5 in /tests/smoke/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10663\"\u003e#10663\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/51e57b39db251bfe3d34af5c943dfea18e06c8b6\"\u003e\u003ccode\u003e51e57b3\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10664\"\u003e#10664\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fba1a77930f0c459677b729161627234b88c90aa\"\u003e\u003ccode\u003efba1a77\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump vite from 8.0.2 to 8.0.5 in /tests/module/esm (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10665\"\u003e#10665\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/0bf6e28eac86e87da2b60bbf5ea4237910e1a08e\"\u003e\u003ccode\u003e0bf6e28\u003c/code\u003e\u003c/a\u003e chore(deps): bump denoland/setup-deno in the github-actions group (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10669\"\u003e#10669\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/8107157c572ee4a54cb28c01ab7f7f3d895ba661\"\u003e\u003ccode\u003e8107157\u003c/code\u003e\u003c/a\u003e chore(deps-dev): bump the development_dependencies group with 4 updates (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10670\"\u003e#10670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/e66530e3302d56176befd0778155dafea2487542\"\u003e\u003ccode\u003ee66530e\u003c/code\u003e\u003c/a\u003e ci: require npm-publish environment for releases (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10666\"\u003e#10666\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/49f23cbfe4d308a075281c5f798d4c68f648cbe2\"\u003e\u003ccode\u003e49f23cb\u003c/code\u003e\u003c/a\u003e chore(sponsor): update sponsor block (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10668\"\u003e#10668\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1\"\u003e\u003ccode\u003e3631854\u003c/code\u003e\u003c/a\u003e fix: unrestricted cloud metadata exfiltration via header injection chain (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10\"\u003e#10\u003c/a\u003e...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df\"\u003e\u003ccode\u003efb3befb\u003c/code\u003e\u003c/a\u003e fix: no_proxy hostname normalization bypass leads to ssrf (\u003ca href=\"https://redirect.github.com/axios/axios/issues/10661\"\u003e#10661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/axios/axios/compare/v1.12.2...v1.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~GitHub%20Actions\"\u003eGitHub Actions\u003c/a\u003e, a new releaser for axios since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eInstall script changes\u003c/summary\u003e\n\u003cp\u003eThis version modifies \u003ccode\u003eprepare\u003c/code\u003e script that runs during installation. Review the package contents before updating.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `js-yaml` from 3.14.1 to 3.14.2\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md\"\u003ejs-yaml's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e[3.14.2] - 2025-11-15\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBackported v4.1.1 fix to v3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.1] - 2025-11-12\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix prototype pollution issue in yaml merge (\u0026lt;\u0026lt;) operator.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.1.0] - 2021-04-15\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eTypes are now exported as \u003ccode\u003eyaml.types.XXX\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eEvery type now has \u003ccode\u003eoptions\u003c/code\u003e property with original arguments kept as they were\n(see \u003ccode\u003eyaml.types.int.options\u003c/code\u003e as an example).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eSchema.extend()\u003c/code\u003e now keeps old type order in case of conflicts\n(e.g. Schema.extend([ a, b, c ]).extend([ b, a, d ]) is now ordered as \u003ccode\u003eabcd\u003c/code\u003e instead of \u003ccode\u003ecbad\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e[4.0.0] - 2021-01-03\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCheck \u003ca href=\"https://github.com/nodeca/js-yaml/blob/master/migrate_v3_to_v4.md\"\u003emigration guide\u003c/a\u003e to see details for all breaking changes.\u003c/li\u003e\n\u003cli\u003eBreaking: \u0026quot;unsafe\u0026quot; tags \u003ccode\u003e!!js/function\u003c/code\u003e, \u003ccode\u003e!!js/regexp\u003c/code\u003e, \u003ccode\u003e!!js/undefined\u003c/code\u003e are\nmoved to \u003ca href=\"https://github.com/nodeca/js-yaml-js-types\"\u003ejs-yaml-js-types\u003c/a\u003e package.\u003c/li\u003e\n\u003cli\u003eBreaking: removed \u003ccode\u003esafe*\u003c/code\u003e functions. Use \u003ccode\u003eload\u003c/code\u003e, \u003ccode\u003eloadAll\u003c/code\u003e, \u003ccode\u003edump\u003c/code\u003e\ninstead which are all now safe by default.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.DEFAULT_SAFE_SCHEMA\u003c/code\u003e and \u003ccode\u003eyaml.DEFAULT_FULL_SCHEMA\u003c/code\u003e are removed, use\n\u003ccode\u003eyaml.DEFAULT_SCHEMA\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eyaml.Schema.create(schema, tags)\u003c/code\u003e is removed, use \u003ccode\u003eschema.extend(tags)\u003c/code\u003e instead.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003e!!binary\u003c/code\u003e now always mapped to \u003ccode\u003eUint8Array\u003c/code\u003e on load.\u003c/li\u003e\n\u003cli\u003eReduced nesting of \u003ccode\u003e/lib\u003c/code\u003e folder.\u003c/li\u003e\n\u003cli\u003eParse numbers according to YAML 1.2 instead of YAML 1.1 (\u003ccode\u003e01234\u003c/code\u003e is now decimal,\n\u003ccode\u003e0o1234\u003c/code\u003e is octal, \u003ccode\u003e1:23\u003c/code\u003e is parsed as string instead of base60).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e no longer quotes \u003ccode\u003e:\u003c/code\u003e, \u003ccode\u003e[\u003c/code\u003e, \u003ccode\u003e]\u003c/code\u003e, \u003ccode\u003e(\u003c/code\u003e, \u003ccode\u003e)\u003c/code\u003e except when necessary, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/470\"\u003e#470\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/557\"\u003e#557\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eLine and column in exceptions are now formatted as \u003ccode\u003e(X:Y)\u003c/code\u003e instead of\n\u003ccode\u003eat line X, column Y\u003c/code\u003e (also present in compact format), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/332\"\u003e#332\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCode snippet created in exceptions now contains multiple lines with line numbers.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e now serializes \u003ccode\u003eundefined\u003c/code\u003e as \u003ccode\u003enull\u003c/code\u003e in collections and removes keys with\n\u003ccode\u003eundefined\u003c/code\u003e in mappings, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/571\"\u003e#571\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003edump()\u003c/code\u003e with \u003ccode\u003eskipInvalid=true\u003c/code\u003e now serializes invalid items in collections as null.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003e!\u003c/code\u003e are now dumped as \u003ccode\u003e!tag\u003c/code\u003e instead of \u003ccode\u003e!\u0026lt;!tag\u0026gt;\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/576\"\u003e#576\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eCustom tags starting with \u003ccode\u003etag:yaml.org,2002:\u003c/code\u003e are now shorthanded using \u003ccode\u003e!!\u003c/code\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/258\"\u003e#258\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdded \u003ccode\u003e.mjs\u003c/code\u003e (es modules) support.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003equotingType\u003c/code\u003e and \u003ccode\u003eforceQuotes\u003c/code\u003e options for dumper to configure\nstring literal style, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/290\"\u003e#290\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/529\"\u003e#529\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eAdded \u003ccode\u003estyles: { '!!null': 'empty' }\u003c/code\u003e option for dumper\n(serializes \u003ccode\u003e{ foo: null }\u003c/code\u003e as \u0026quot;\u003ccode\u003efoo: \u003c/code\u003e\u0026quot;), \u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/570\"\u003e#570\u003c/a\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/9963d366dfbde0c69722452bcd40b41e7e4160a0\"\u003e\u003ccode\u003e9963d36\u003c/code\u003e\u003c/a\u003e 3.14.2 released\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/10d3c8e70a6888543f5cdb656bb39f73e0ea77c1\"\u003e\u003ccode\u003e10d3c8e\u003c/code\u003e\u003c/a\u003e dist rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266\"\u003e\u003ccode\u003e5278870\u003c/code\u003e\u003c/a\u003e fix prototype pollution in merge (\u0026lt;\u0026lt;) (\u003ca href=\"https://redirect.github.com/nodeca/js-yaml/issues/731\"\u003e#731\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/nodeca/js-yaml/compare/3.14.1...3.14.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `ajv` from 6.12.6 to 6.15.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/184bc32745d9d33b2322949b9f3cb5f7609bf5ec\"\u003e\u003ccode\u003e184bc32\u003c/code\u003e\u003c/a\u003e 6.15.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/fea46afd1a76b12ff89493f6dc1bc46730c6d379\"\u003e\u003ccode\u003efea46af\u003c/code\u003e\u003c/a\u003e test/fix prototype pollution via $data ref with format keyword (\u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/2606\"\u003e#2606\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/e3af0a723b4b7ad86eff43be355c706d31e0e915\"\u003e\u003ccode\u003ee3af0a7\u003c/code\u003e\u003c/a\u003e 6.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/b552ed66191eb338498df3196065c777e3bb71f2\"\u003e\u003ccode\u003eb552ed6\u003c/code\u003e\u003c/a\u003e add regExp option to address $data exploit via a regular expression (CVE-2025...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/72f228665859eed5e2be3a66f8c4a7aff6b34dcf\"\u003e\u003ccode\u003e72f2286\u003c/code\u003e\u003c/a\u003e docs: update v7 info\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/231e52b3bca62559202b95e5fb5cee02145b226a\"\u003e\u003ccode\u003e231e52b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/ajv-validator/ajv/issues/1320\"\u003e#1320\u003c/a\u003e from philsturgeon/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/d3475fc20416c33fe030c8aa3b09fa411f325bbd\"\u003e\u003ccode\u003ed3475fc\u003c/code\u003e\u003c/a\u003e Add spectral, an AJV util from a sponsor\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/413afe01f518ea74d1740a7cb211df787c585544\"\u003e\u003ccode\u003e413afe0\u003c/code\u003e\u003c/a\u003e docs: v7.0.0-beta.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ajv-validator/ajv/commit/11e997bda2f3eecb445c1e5a07d96ef7e81c5f5d\"\u003e\u003ccode\u003e11e997b\u003c/code\u003e\u003c/a\u003e update readme for v7\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/ajv-validator/ajv/compare/v6.12.6...v6.15.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 1.1.12 to 1.1.14\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `brace-expansion` from 2.0.2 to 2.1.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/10c05fcf3699b1a29ef5e611c011af3d3c97e6e3\"\u003e\u003ccode\u003e10c05fc\u003c/code\u003e\u003c/a\u003e 1.1.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/1afa1b22ead12f6a7a02f25bf0f7d64c2439b007\"\u003e\u003ccode\u003e1afa1b2\u003c/code\u003e\u003c/a\u003e Add opt-in { max } mitigation to v1 legacy line (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/103\"\u003e#103\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/2fbb6a2aa0f984bb2fb5f60252ca6cba3e1368ec\"\u003e\u003ccode\u003e2fbb6a2\u003c/code\u003e\u003c/a\u003e Revert \u0026quot;Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u0026quot; (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/102\"\u003e#102\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/0d7652e3093d3273151729812f9b0b79a17ecba6\"\u003e\u003ccode\u003e0d7652e\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-7h2j-956f-4vf2 to v1 (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/101\"\u003e#101\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/6c353caf23beb9644f858eb3fe38d43a68b82898\"\u003e\u003ccode\u003e6c353ca\u003c/code\u003e\u003c/a\u003e 1.1.13\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2\"\u003e\u003ccode\u003e7fd684f\u003c/code\u003e\u003c/a\u003e Backport fix for GHSA-f886-m6hf-6m8v (\u003ca href=\"https://redirect.github.com/juliangruber/brace-expansion/issues/95\"\u003e#95\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.14\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 3.1.2 to 3.1.5\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 9.0.5 to 9.0.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `minimatch` from 5.1.6 to 5.1.9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/7bba97888a27a6162983056bcce2a6e28f668712\"\u003e\u003ccode\u003e7bba978\u003c/code\u003e\u003c/a\u003e 3.1.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/bd259425b2ca17b42897997f93e890314155522d\"\u003e\u003ccode\u003ebd25942\u003c/code\u003e\u003c/a\u003e docs: add warning about ReDoS\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a9c27c75725474dbde57db2995b6281b267756d\"\u003e\u003ccode\u003e1a9c27c\u003c/code\u003e\u003c/a\u003e fix partial matching of globstar patterns\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/1a2e084af579731af66c221214e3ca8222c9bf23\"\u003e\u003ccode\u003e1a2e084\u003c/code\u003e\u003c/a\u003e 3.1.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/ae24656237c3d58067442f790ce17eff84463a47\"\u003e\u003ccode\u003eae24656\u003c/code\u003e\u003c/a\u003e update lockfile\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/b1003749228b2a79e1f237963a0d559ef7a0941e\"\u003e\u003ccode\u003eb100374\u003c/code\u003e\u003c/a\u003e limit recursion for **, improve perf considerably\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/26ffeaa091b9f660833e23f42e07165b33e85c13\"\u003e\u003ccode\u003e26ffeaa\u003c/code\u003e\u003c/a\u003e lockfile update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/9eca892a4e5dbb20534f9f30483b85cdeee6c2eb\"\u003e\u003ccode\u003e9eca892\u003c/code\u003e\u003c/a\u003e lock node version to 14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/00c323b188b704e5d4bc534ecec2268cfa70a32a\"\u003e\u003ccode\u003e00c323b\u003c/code\u003e\u003c/a\u003e 3.1.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/isaacs/minimatch/commit/30486b2048929264f44d18822891cfffa02af78b\"\u003e\u003ccode\u003e30486b2\u003c/code\u003e\u003c/a\u003e update CI matrix and actions\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `flatted` from 3.3.3 to 3.4.2\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/3bf09091c3562e17a0647bc06710dd6097079cf7\"\u003e\u003ccode\u003e3bf0909\u003c/code\u003e\u003c/a\u003e 3.4.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/885ddcc33cf9657caf38c57c7be45ae1c5272802\"\u003e\u003ccode\u003e885ddcc\u003c/code\u003e\u003c/a\u003e fix CWE-1321\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/0bdba705d130f00892b1b8fcc80cf4cdea0631e3\"\u003e\u003ccode\u003e0bdba70\u003c/code\u003e\u003c/a\u003e added flatted-view to the benchmark\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/2a02dce7c641dec31194c67663f9b0b12e62da20\"\u003e\u003ccode\u003e2a02dce\u003c/code\u003e\u003c/a\u003e 3.4.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/fba4e8f2e113665da275b19cd0f695f3d98e9416\"\u003e\u003ccode\u003efba4e8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/WebReflection/flatted/issues/89\"\u003e#89\u003c/a\u003e from WebReflection/python-fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/5fe86485e6df7f7f34a07a2a85498bd3e17384e7\"\u003e\u003ccode\u003e5fe8648\u003c/code\u003e\u003c/a\u003e added \u0026quot;when in Rome\u0026quot; also a test for PHP\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/53517adbefe724fe472b2f9ebcdb01910d0ae3f0\"\u003e\u003ccode\u003e53517ad\u003c/code\u003e\u003c/a\u003e some minor improvement\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/b3e2a0c387bf446435fec45ad7f05299f012346f\"\u003e\u003ccode\u003eb3e2a0c\u003c/code\u003e\u003c/a\u003e Fixing recursion issue in Python too\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/c4b46dbcbf782326e54ea1b65d3ebb1dc7a23fad\"\u003e\u003ccode\u003ec4b46db\u003c/code\u003e\u003c/a\u003e Add SECURITY.md for security policy and reporting\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/WebReflection/flatted/commit/f86d071e0f70de5a7d8200198824a3f07fc9c988\"\u003e\u003ccode\u003ef86d071\u003c/code\u003e\u003c/a\u003e Create dependabot.yml for version updates\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `follow-redirects` from 1.15.11 to 1.16.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/0c23a223067201c368035e82954c11eb2578a33b\"\u003e\u003ccode\u003e0c23a22\u003c/code\u003e\u003c/a\u003e Release version 1.16.0 of the npm package.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/844c4d302ac963d29bdb5dc1754ec7df3d70d7f9\"\u003e\u003ccode\u003e844c4d3\u003c/code\u003e\u003c/a\u003e Add sensitiveHeaders option.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/5e8b8d024e2c76f804a284258e585ecb49a575be\"\u003e\u003ccode\u003e5e8b8d0\u003c/code\u003e\u003c/a\u003e ci: add Node.js 24.x to the CI matrix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/7953e2255aa0b93602eed3804f3bc5e6923a03af\"\u003e\u003ccode\u003e7953e22\u003c/code\u003e\u003c/a\u003e ci: upgrade GitHub Actions to use setup-node@v6 and checkout@v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/follow-redirects/follow-redirects/commit/86dc1f86e4b56bcd642c78384d51f10f123aea75\"\u003e\u003ccode\u003e86dc1f8\u003c/code\u003e\u003c/a\u003e Sanitizing input.\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/follow-redirects/follow-redirects/compare/v1.15.11...v1.16.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `jsonpath` from 1.1.1 to 1.3.0\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/dchester/jsonpath/commits\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `lodash` from 4.17.21 to 4.18.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/lodash/lodash/releases\"\u003elodash's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e4.18.1\u003c/h2\u003e\n\u003ch2\u003eBugs\u003c/h2\u003e\n\u003cp\u003eFixes a \u003ccode\u003eReferenceError\u003c/code\u003e issue in \u003ccode\u003elodash\u003c/code\u003e \u003ccode\u003elodash-es\u003c/code\u003e \u003ccode\u003elodash-amd\u003c/code\u003e and \u003ccode\u003elodash.template\u003c/code\u003e when using the \u003ccode\u003etemplate\u003c/code\u003e and \u003ccode\u003efromPairs\u003c/code\u003e functions from the modular builds. See \u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6167#issuecomment-4165269769\"\u003elodash/lodash#6167\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eThese defects were related to how lodash distributions are built from the main branch using \u003ca href=\"https://github.com/lodash-archive/lodash-cli\"\u003ehttps://github.com/lodash-archive/lodash-cli\u003c/a\u003e. When internal dependencies change inside lodash functions, equivalent updates need to be made to a mapping in the lodash-cli. (hey, it was ahead of its time once upon a time!). We know this, but we missed it in the last release. It's the kind of thing that passes in CI, but fails bc the build is not the same thing you tested.\u003c/p\u003e\n\u003cp\u003eThere is no diff on main for this, but you can see the diffs for each of the npm packages on their respective branches:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003elodash\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm...4.18.1-npm\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-es\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-es...4.18.1-es\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash-amd\u003c/code\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-amd...4.18.1-amd\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003elodash.template\u003c/code\u003e\u003ca href=\"https://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\"\u003ehttps://github.com/lodash/lodash/compare/4.18.0-npm-packages...4.18.1-npm-packages\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.18.0\u003c/h2\u003e\n\u003ch2\u003ev4.18.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.23...4.18.0\"\u003ehttps://github.com/lodash/lodash/compare/4.17.23...4.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.unset\u003c/code\u003e / \u003ccode\u003e_.omit\u003c/code\u003e\u003c/strong\u003e: Fixed prototype pollution via \u003ccode\u003econstructor\u003c/code\u003e/\u003ccode\u003eprototype\u003c/code\u003e path traversal (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-f23m-r3pf-42rh\"\u003eGHSA-f23m-r3pf-42rh\u003c/a\u003e, \u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003efe8d32e\u003c/a\u003e). Previously, array-wrapped path segments and primitive roots could bypass the existing guards, allowing deletion of properties from built-in prototypes. Now \u003ccode\u003econstructor\u003c/code\u003e and \u003ccode\u003eprototype\u003c/code\u003e are blocked unconditionally as non-terminal path keys, matching \u003ccode\u003ebaseSet\u003c/code\u003e. Calls that previously returned \u003ccode\u003etrue\u003c/code\u003e and deleted the property now return \u003ccode\u003efalse\u003c/code\u003e and leave the target untouched.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003e\u003ccode\u003e_.template\u003c/code\u003e\u003c/strong\u003e: Fixed code injection via \u003ccode\u003eimports\u003c/code\u003e keys (\u003ca href=\"https://github.com/lodash/lodash/security/advisories/GHSA-r5fr-rjxr-66jc\"\u003eGHSA-r5fr-rjxr-66jc\u003c/a\u003e, CVE-2026-4800, \u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e879aaa9\u003c/a\u003e). Fixes an incomplete patch for CVE-2021-23337. The \u003ccode\u003evariable\u003c/code\u003e option was validated against \u003ccode\u003ereForbiddenIdentifierChars\u003c/code\u003e but \u003ccode\u003eimportsKeys\u003c/code\u003e was left unguarded, allowing code injection via the same \u003ccode\u003eFunction()\u003c/code\u003e constructor sink. \u003ccode\u003eimports\u003c/code\u003e keys containing forbidden identifier characters now throw \u003ccode\u003e\u0026quot;Invalid imports option passed into _.template\u0026quot;\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eDocs\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd security notice for \u003ccode\u003e_.template\u003c/code\u003e in threat model and API docs (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6099\"\u003e#6099\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDocument \u003ccode\u003elower \u0026gt; upper\u003c/code\u003e behavior in \u003ccode\u003e_.random\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6115\"\u003e#6115\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix quotes in \u003ccode\u003e_.compact\u003c/code\u003e jsdoc (\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6090\"\u003e#6090\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e\u003ccode\u003elodash.*\u003c/code\u003e modular packages\u003c/h3\u003e\n\u003cp\u003e\u003ca href=\"https://redirect.github.com/lodash/lodash/pull/6157\"\u003eDiff\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eWe have also regenerated and published a select number of the \u003ccode\u003elodash.*\u003c/code\u003e modular packages.\u003c/p\u003e\n\u003cp\u003eThese modular packages had fallen out of sync significantly from the minor/patch updates to lodash. Specifically, we have brought the following packages up to parity w/ the latest lodash release because they have had CVEs on them in the past:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.orderby\"\u003elodash.orderby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.tonumber\"\u003elodash.tonumber\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trim\"\u003elodash.trim\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.trimend\"\u003elodash.trimend\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.sortedindexby\"\u003elodash.sortedindexby\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.zipobjectdeep\"\u003elodash.zipobjectdeep\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.unset\"\u003elodash.unset\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.omit\"\u003elodash.omit\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.npmjs.com/package/lodash.template\"\u003elodash.template\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/cb0b9b9212521c08e3eafe7c8cb0af1b42b6649e\"\u003e\u003ccode\u003ecb0b9b9\u003c/code\u003e\u003c/a\u003e release(patch): bump main to 4.18.1 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6177\"\u003e#6177\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/75535f57883b7225adb96de1cfc1cd4169cfcb51\"\u003e\u003ccode\u003e75535f5\u003c/code\u003e\u003c/a\u003e chore: prune stale advisory refs (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6170\"\u003e#6170\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/62e91bc6a39c98d85b9ada8c44d40593deaf82a4\"\u003e\u003ccode\u003e62e91bc\u003c/code\u003e\u003c/a\u003e docs: remove n_ Node.js \u0026lt; 6 REPL note from README (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6165\"\u003e#6165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/59be2de61f8aa9461c7856533b51d31b7d8babc4\"\u003e\u003ccode\u003e59be2de\u003c/code\u003e\u003c/a\u003e release(minor): bump to 4.18.0 (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6161\"\u003e#6161\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/af634573030f979194871da7c68f79420992f53d\"\u003e\u003ccode\u003eaf63457\u003c/code\u003e\u003c/a\u003e fix: broken tests for _.template 879aaa9\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/1073a7693e1727e0cf3641e5f71f75ddcf8de7c0\"\u003e\u003ccode\u003e1073a76\u003c/code\u003e\u003c/a\u003e fix: linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/879aaa93132d78c2f8d20c60279da9f8b21576d6\"\u003e\u003ccode\u003e879aaa9\u003c/code\u003e\u003c/a\u003e fix: validate imports keys in _.template\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/fe8d32eda854377349a4f922ab7655c8e5df9a0b\"\u003e\u003ccode\u003efe8d32e\u003c/code\u003e\u003c/a\u003e fix: block prototype pollution in baseUnset via constructor/prototype traversal\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/18ba0a32f42fd02117f096b032f89c984173462d\"\u003e\u003ccode\u003e18ba0a3\u003c/code\u003e\u003c/a\u003e refactor(fromPairs): use baseAssignValue for consistent assignment (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6153\"\u003e#6153\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/lodash/lodash/commit/b8190803d48d60b8c80ad45d39125f32fa618cb2\"\u003e\u003ccode\u003eb819080\u003c/code\u003e\u003c/a\u003e ci: add dist sync validation workflow (\u003ca href=\"https://redirect.github.com/lodash/lodash/issues/6137\"\u003e#6137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/lodash/lodash/compare/4.17.21...4.18.1\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `node-forge` from 1.3.1 to 1.4.0\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md\"\u003enode-forge's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.4.0 - 2026-03-24\u003c/h2\u003e\n\u003ch3\u003eSecurity\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Denial of Service in \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e\n\u003cul\u003e\n\u003cli\u003eA Denial of Service (DoS) vulnerability exists due to an infinite loop in\nthe \u003ccode\u003eBigInteger.modInverse()\u003c/code\u003e function (inherited from the bundled jsbn\nlibrary). When \u003ccode\u003emodInverse()\u003c/code\u003e is called with a zero value as input, the\ninternal Extended Euclidean Algorithm enters an unreachable exit condition,\ncausing the process to hang indefinitely and consume 100% CPU.\u003c/li\u003e\n\u003cli\u003eReported by Kr0emer.\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33891\"\u003eCVE-2026-33891\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-5m6q-g25r-mvwx\"\u003eGHSA-5gfm-wpxj-wjgq\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in RSA-PKCS due to ASN.1 extra field.\n\u003cul\u003e\n\u003cli\u003eRSASSA PKCS#1 v1.5 signature verification accepts forged signatures for low\npublic exponent keys (e=3). Attackers can forge signatures by stuffing\n\u0026quot;garbage\u0026quot; bytes within the ASN.1 structure in order to construct a\nsignature that passes verification, enabling Bleichenbacher style forgery.\nThis issue is similar to CVE-2022-24771, but adds bytes in an addition\nfield within the ASN.1 structure, rather than outside of it.\u003c/li\u003e\n\u003cli\u003eAdditionally, forge does not validate that signatures include a minimum of\n8 bytes of padding as defined by the specification, providing attackers\nadditional space to construct Bleichenbacher forgeries.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33894\"\u003eCVE-2026-33894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp\"\u003eGHSA-ppp5-5v6c-4jwp\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: Signature forgery in Ed25519 due to missing S \u0026lt; L check.\n\u003cul\u003e\n\u003cli\u003eEd25519 signature verification accepts forged non-canonical signatures\nwhere the scalar S is not reduced modulo the group order (S \u0026gt;= L). A valid\nsignature and its S + L variant both verify in forge, while Node.js\ncrypto.verify (OpenSSL-backed) rejects the S + L variant, as defined by the\nspecification. This class of signature malleability has been exploited in\npractice to bypass authentication and authorization logic (see\nCVE-2026-25793, CVE-2022-35961). Applications relying on signature\nuniqueness (i.e., dedup by signature bytes, replay tracking, signed-object\ncanonicalization checks) may be bypassed.\u003c/li\u003e\n\u003cli\u003eReported as part of a U.C. Berkeley security research project by:\n\u003cul\u003e\n\u003cli\u003eAustin Chu, Sohee Kim, and Corban Villa.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33895\"\u003eCVE-2026-33895\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-q67f-28xg-22rw\"\u003eGHSA-q67f-28xg-22rw\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eHIGH\u003c/strong\u003e: \u003ccode\u003ebasicConstraints\u003c/code\u003e bypass in certificate chain verification.\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003epki.verifyCertificateChain()\u003c/code\u003e does not enforce RFC 5280 \u003ccode\u003ebasicConstraints\u003c/code\u003e\nrequirements when an intermediate certificate lacks both the\n\u003ccode\u003ebasicConstraints\u003c/code\u003e and \u003ccode\u003ekeyUsage\u003c/code\u003e extensions. This allows any leaf\ncertificate (without these extensions) to act as a CA and sign other\ncertificates, which node-forge will accept as valid.\u003c/li\u003e\n\u003cli\u003eReported by Doruk Tan Ozturk (\u003ca href=\"https://github.com/peaktwilight\"\u003e\u003ccode\u003e@​peaktwilight\u003c/code\u003e\u003c/a\u003e) - doruk.ch\u003c/li\u003e\n\u003cli\u003eCVE ID: \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-33896\"\u003eCVE-2026-33896\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHSA ID: \u003ca href=\"https://github.com/digitalbazaar/forge/security/advisories/GHSA-2328-f5f3-gj25\"\u003eGHSA-2328-f5f3-gj25\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/fa385f92440879601240020f158bed68e444e83a\"\u003e\u003ccode\u003efa385f9\u003c/code\u003e\u003c/a\u003e Release 1.4.0.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/07d4e162762ed4fdab5caca9ebf78237fcf85339\"\u003e\u003ccode\u003e07d4e16\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/cb90fd92091ee34e4abab3ad0c835eeea3d06c3e\"\u003e\u003ccode\u003ecb90fd9\u003c/code\u003e\u003c/a\u003e Update changelog.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/963e7c5c7b0f03de1b28a1e5a42a6bafda4cf711\"\u003e\u003ccode\u003e963e7c5\u003c/code\u003e\u003c/a\u003e Add unit test for \u0026quot;pseudonym\u0026quot;\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/f0b6f5b7c5d1c918240e975e0cade4f47d005446\"\u003e\u003ccode\u003ef0b6f5b\u003c/code\u003e\u003c/a\u003e Add pseudonym OID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/3df48a311d4b53dc6493b7a47a8d07f3669957d9\"\u003e\u003ccode\u003e3df48a3\u003c/code\u003e\u003c/a\u003e Fix missing CVE ID.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/2e492832fb25227e6b647cbe1ac981c123171e90\"\u003e\u003ccode\u003e2e49283\u003c/code\u003e\u003c/a\u003e Add x509 \u003ccode\u003ebasicConstraints\u003c/code\u003e check.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/bdecf11571c9f1a487cc0fe72fe78ff6dfa96b85\"\u003e\u003ccode\u003ebdecf11\u003c/code\u003e\u003c/a\u003e Add canonical signature scaler check for S \u0026lt; L.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/af094e69c60ac5f7b29f2b1957c53ae5e12fd4a0\"\u003e\u003ccode\u003eaf094e6\u003c/code\u003e\u003c/a\u003e Add RSA padding and DigestInfo length checks.\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/digitalbazaar/forge/commit/796eeb1673f6ec636fda02dfc295047d9f7aefe0\"\u003e\u003ccode\u003e796eeb1\u003c/code\u003e\u003c/a\u003e Improve jsbn fix.\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.4.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `path-to-regexp` from 0.1.12 to 0.1.13\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/releases\"\u003epath-to-regexp's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003ch2\u003eImportant\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ehttps://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/pillarjs/path-to-regexp/blob/v.0.1.13/History.md\"\u003epath-to-regexp's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003e0.1.13 / 2026-03-26\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFix \u003ca href=\"https://www.cve.org/CVERecord?id=CVE-2026-4867\"\u003eCVE-2026-4867\u003c/a\u003e (\u003ca href=\"https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-37ch-88jc-xwx2\"\u003eGHSA-37ch-88jc-xwx2\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.7 / 2015-07-28\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eFixed regression with escaped round brackets and matching groups.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.6 / 2015-06-19\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eReplace \u003ccode\u003eindex\u003c/code\u003e feature by outputting all parameters, unnamed and named.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.5 / 2015-05-08\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd an index property for position in match result.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.4 / 2015-03-05\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eAdd license information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.3 / 2014-07-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eBetter array support\u003c/li\u003e\n\u003cli\u003eImproved support for trailing slash in non-ending mode\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.1.0 / 2014-03-06\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eadd options.end\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch1\u003e0.0.2 / 2013-02-10\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to match current express\u003c/li\u003e\n\u003cli\u003eadd .license property to component.json\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/9fd0c879f232c2464591f56dd7c7edad7f45b4e0\"\u003e\u003ccode\u003e9fd0c87\u003c/code\u003e\u003c/a\u003e 0.1.13 (\u003ca href=\"https://redirect.github.com/pillarjs/path-to-regexp/issues/425\"\u003e#425\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/pillarjs/path-to-regexp/commit/7ccf02cee33402f06ed2125085992ee9cd3a7c45\"\u003e\u003ccode\u003e7ccf02c\u003c/code\u003e\u003c/a\u003e fix: CVE-2026-4867\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/pillarjs/path-to-regexp/compare/v0.1.12...v.0.1.13\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eMaintainer changes\u003c/summary\u003e\n\u003cp\u003eThis version was pushed to npm by \u003ca href=\"https://www.npmjs.com/~ulisesgascon\"\u003eulisesgascon\u003c/a\u003e, a new releaser for path-to-regexp since your current version.\u003c/p\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `picomatch` from 2.3.1 to 2.3.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/releases\"\u003epicomatch's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e2.3.2\u003c/h2\u003e\n\u003cp\u003eThis is a security release fixing several security relevant issues.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: exception when glob pattern contains constructor by \u003ca href=\"https://github.com/Jason3S\"\u003e\u003ccode\u003e@​Jason3S\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/micromatch/picomatch/pull/144\"\u003emicromatch/picomatch#144\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-c2c7-rcm5-vvqj\"\u003eCVE-2026-33671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix for \u003ca href=\"https://github.com/micromatch/picomatch/security/advisories/GHSA-3v7f-55p6-f55p\"\u003eCVE-2026-33672\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ehttps://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md\"\u003epicomatch's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eRelease history\u003c/h1\u003e\n\u003cp\u003e\u003cstrong\u003eAll notable changes to this project will be documented in this file.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"http://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e\nand this project adheres to \u003ca href=\"http://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cul\u003e\n\u003cli\u003eChangelogs are for humans, not machines.\u003c/li\u003e\n\u003cli\u003eThere should be an entry for every single version.\u003c/li\u003e\n\u003cli\u003eThe same types of changes should be grouped.\u003c/li\u003e\n\u003cli\u003eVersions and sections should be linkable.\u003c/li\u003e\n\u003cli\u003eThe latest version comes first.\u003c/li\u003e\n\u003cli\u003eThe release date of each versions is displayed.\u003c/li\u003e\n\u003cli\u003eMention whether you follow Semantic Versioning.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003cp\u003eChangelog entries are classified using the following labels \u003cem\u003e(from \u003ca href=\"http://keepachangelog.com/\"\u003ekeep-a-changelog\u003c/a\u003e\u003c/em\u003e):\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eAdded\u003c/code\u003e for new features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eChanged\u003c/code\u003e for changes in existing functionality.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eDeprecated\u003c/code\u003e for soon-to-be removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eRemoved\u003c/code\u003e for now removed features.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eFixed\u003c/code\u003e for any bug fixes.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003eSecurity\u003c/code\u003e in case of vulnerabilities.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003e4.0.0 (2024-02-07)\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix bad text values in parse \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/126\"\u003e#126\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/connor4312\"\u003e\u003ccode\u003e@​connor4312\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRemove process global to work outside of node \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/129\"\u003e#129\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/styfle\"\u003e\u003ccode\u003e@​styfle\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd sideEffects to package.json \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/128\"\u003e#128\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/frandiox\"\u003e\u003ccode\u003e@​frandiox\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemoved \u003ccode\u003eos\u003c/code\u003e, make compatible browser environment. See \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/124\"\u003e#124\u003c/a\u003e, thanks to \u003ca href=\"https://github.com/gwsbhqt\"\u003e\u003ccode\u003e@​gwsbhqt\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e3.0.1\u003c/h2\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/81cba8d4b767cab3cb29d26eb4f691eed75b73b2\"\u003e\u003ccode\u003e81cba8d\u003c/code\u003e\u003c/a\u003e Publish 2.3.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/fc1f6b69006e9435caf8fb40d8aff378bc0b7bce\"\u003e\u003ccode\u003efc1f6b6\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/eec17aee5428a7249e9ca5adbb8a0d28fa29619b\"\u003e\u003ccode\u003eeec17ae\u003c/code\u003e\u003c/a\u003e Merge commit from fork\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/78f8ca4362d9e66cadea97b93e292f10096452ed\"\u003e\u003ccode\u003e78f8ca4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/156\"\u003e#156\u003c/a\u003e from micromatch/backport-144\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/micromatch/picomatch/commit/3f4f10eaa65bf3a52e8f2999674cd27e11fa3c9b\"\u003e\u003ccode\u003e3f4f10e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/micromatch/picomatch/issues/144\"\u003e#144\u003c/a\u003e from Jason3S/jdent-object-properties\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/micromatch/picomatch/compare/2.3.1...2.3.2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `qs` from 6.13.0 to 6.15.1\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/ljharb/qs/blob/main/CHANGELOG.md\"\u003eqs's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e silently drops all parameters\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.15.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003estrictMerge\u003c/code\u003e option to wrap object/primitive conflicts in an array (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/425\"\u003e#425\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/ljharb/qs/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eduplicates\u003c/code\u003e option should not apply to bracket notation keys (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/514\"\u003e#514\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: mark overflow objects for indexed notation exceeding \u003ccode\u003earrayLimit\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/546\"\u003e#546\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003earrayLimit\u003c/code\u003e means max count, not max index, in \u003ccode\u003ecombine\u003c/code\u003e/\u003ccode\u003emerge\u003c/code\u003e/\u003ccode\u003eparseArrayValue\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: throw on \u003ccode\u003earrayLimit\u003c/code\u003e exceeded with indexed notation when \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e is true (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/529\"\u003e#529\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: enforce \u003ccode\u003earrayLimit\u003c/code\u003e on \u003ccode\u003ecomma\u003c/code\u003e-parsed values\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: fix error message to reflect arrayLimit as max index; remove extraneous comments (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/545\"\u003e#545\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] replace runkit CI badge with shields.io check-runs badge\u003c/li\u003e\n\u003cli\u003e[meta] fix changelog typo (\u003ccode\u003earrayLength\u003c/code\u003e → \u003ccode\u003earrayLimit\u003c/code\u003e)\u003c/li\u003e\n\u003cli\u003e[actions] fix rebase workflow permissions\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.1\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Fix] ensure \u003ccode\u003earrayLimit\u003c/code\u003e applies to \u003ccode\u003e[]\u003c/code\u003e notation as well\u003c/li\u003e\n\u003cli\u003e[Fix] \u003ccode\u003eparse\u003c/code\u003e: when a custom decoder returns \u003ccode\u003enull\u003c/code\u003e for a key, ignore that key\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: extract key segment splitting helper\u003c/li\u003e\n\u003cli\u003e[meta] add threat model\u003c/li\u003e\n\u003cli\u003e[actions] add workflow permissions\u003c/li\u003e\n\u003cli\u003e[Tests] \u003ccode\u003estringify\u003c/code\u003e: increase coverage\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003eeslint\u003c/code\u003e, \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003enpmignore\u003c/code\u003e, \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003efor-each\u003c/code\u003e, \u003ccode\u003eobject-inspect\u003c/code\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.14.0\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[New] \u003ccode\u003eparse\u003c/code\u003e: add \u003ccode\u003ethrowOnParameterLimitExceeded\u003c/code\u003e option (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/517\"\u003e#517\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[Refactor] \u003ccode\u003eparse\u003c/code\u003e: use \u003ccode\u003eutils.combine\u003c/code\u003e more\u003c/li\u003e\n\u003cli\u003e[patch] \u003ccode\u003eparse\u003c/code\u003e: add explicit \u003ccode\u003ethrowOnLimitExceeded\u003c/code\u003e default\u003c/li\u003e\n\u003cli\u003e[actions] use shared action; re-add finishers\u003c/li\u003e\n\u003cli\u003e[meta] Fix changelog formatting bug\u003c/li\u003e\n\u003cli\u003e[Deps] update \u003ccode\u003eside-channel\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Dev Deps] update \u003ccode\u003ees-value-fixtures\u003c/code\u003e, \u003ccode\u003ehas-bigints\u003c/code\u003e, \u003ccode\u003ehas-proto\u003c/code\u003e, \u003ccode\u003ehas-symbols\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[Tests] increase coverage\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.3\u003c/strong\u003e\u003c/h2\u003e\n\u003cp\u003e[Fix] fix regressions from robustness refactor\n[actions] update reusable workflows\u003c/p\u003e\n\u003ch2\u003e\u003cstrong\u003e6.13.2\u003c/strong\u003e\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e[Robustness] avoid \u003ccode\u003e.push\u003c/code\u003e, use \u003ccode\u003evoid\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e[readme] clarify \u003ccode\u003eparseArrays\u003c/code\u003e and \u003ccode\u003earrayLimit\u003c/code\u003e documentation (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/543\"\u003e#543\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e[readme] document that \u003ccode\u003eaddQueryPrefix\u003c/code\u003e does not add \u003ccode\u003e?\u003c/code\u003e to empty output (\u003ca href=\"https://redirect.github.com/ljharb/qs/issues/418\"\u003e#418\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/3f5e1c528c967d915096787efbffa73cf6044170\"\u003e\u003ccode\u003e3f5e1c5\u003c/code\u003e\u003c/a\u003e v6.15.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/c85b67f0a35897c2d3d1dd2766a3c8f1bd9b371f\"\u003e\u003ccode\u003ec85b67f\u003c/code\u003e\u003c/a\u003e [Fix] \u003ccode\u003eparse\u003c/code\u003e: \u003ccode\u003eparameterLimit: Infinity\u003c/code\u003e with \u003ccode\u003ethrowOnLimitExceeded: true\u003c/code\u003e s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/4dfa0f09798f79b08c9727fde391b1aa4ec8572d\"\u003e\u003ccode\u003e4dfa0f0\u003c/code\u003e\u003c/a\u003e [Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/dbb05d7bd9a86b9125dd8e1e0d3dcae62abe106b\"\u003e\u003ccode\u003edbb05d7\u003c/code\u003e\u003c/a\u003e [Dev Deps] update \u003ccode\u003e@ljharb/eslint-config\u003c/code\u003e, \u003ccode\u003eiconv-lite\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/ljharb/qs/commit/b0cfe7cc01f3f7241c1d5cb4...\n\n_Description has been truncated_","html_url":"https://github.com/Zintradev/ML-Threat-Dashboard/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Zintradev%2FML-Threat-Dashboard/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}}]}